Today’s Internet is a scary place filled with many malicious entities. Phishing emails are a particularly malicious attack vector, and they are difficult to deal with. Phishing emails generally combine social engineering with technical attributes to persuade a user to take a particular action. Some phishing emails may try to convince a user to send money to the attacker; others may coerce the user into clicking a malicious hyperlink. Regardless, end users need to be protected from these attack vectors.
So, what should you do about the suspicious email you received?
Here are some general rules which can help every end user.
1. If you see a hyperlink you are unsure about… Don’t click it.
2. If you see an attachment you are unsure about… Don’t click it.
3. If the sender is asking for information that sounds suspicious… Don’t answer it.
4. If the email doesn’t seem relevant to you… Delete it.
5. If you think the email is impersonating someone you know… Call them by phone.
6. When in doubt, DELETE IT.
Now, obviously there are ways to determine the validity of a hyperlink or attachment, but these recommendations are for users unable to do so. If you are able to analyze the email and its contents yourself, you should do so. The key point here is that even the most experienced users can be fooled. If you can, try to develop a good cyber-hygiene habit by deleting any emails which you don’t need.