Phishing Explained

Phishing is a social engineering attack targeting everyone. Clearly the border between spam and phishing is vanishing. So what are we left with? Emails with malicious links and / or attachments, both trying to make you hand over credentials and install malware. Recognising an email as a phish can be difficult. Good attacks may only have one or two minor “mistakes” which you need to catch. What are typical indicators?

  1. Email Addresses. Thoroughly evaluate the address you received this email from. Does it really fit whom it claims to come from? If there is any doubt - delete the email immediately. Also be careful about the domain the email comes from - minor differences in spelling make the email come from a totally different server.

  2. Does the email greet you personally or does it use some generic greeting? If the latter - delete it right away. In case you do delete an important email - the sender will get back to you anyway!

  3. Is the email written in a way to urge you into doing something? Ok, why should someone you do not know urge you to act - in relation to a situation you are not aware of - via email? Using authority, fear or curiosity are clear indicators of phishing emails. The reasoning behind building on such emotions is simple. Once you are stressed or under a certain emotional pressure you will not make well thought out decisions. You are more likely to take shortcuts and let your feelings determine the decision - so you will click the link or open the attachment. Besides, the quality of the writing may be another indicator: spelling mistakes, odd words, grammatical errors, etc., none of which are typical for banks or similar companies.

  4. If the email contains a link - carefully validate it. Especially take a look at the real target of the link, not only the link’s name as displayed within the email. There are several ways to do that. Either you hover your mouse over the link and compare the appearing address to the one presented in the email, or you switch into plain text mode and read the email that way. Here as well, minor spelling differences will have a major impact. You will end up on a server that does not belong to the claimed target.

  5. Attachments - did you really expect an email from this person or company including an attachment? If you are not sure, upload the attachment to sites like VirusTotal first to check it for known malware. This is still only a partial solution because VirusTotal can only be as good as the signatures of the anti-virus companies are. Normally those are lagging well behind. On second thought, the malware may also be encoded differently to avoid signature-based detection.

Further steps may include checking the mail headers - to see whether the email really originated from the company it claims to come from. However, since email servers must face the internet to do their job, they are one of the first targets to attack and have a high chance of being compromised.
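To show how indicators 1, 2 and 4 above can be checked mechanically on a received message, here is an added example (not part of the original post) that parses a constructed sample email with Python's standard `email` module and reports a Reply-To domain that differs from the sender's, a generic greeting, and links whose displayed address does not match the real target. All addresses and domains in the sample are made up (`.test` names), and the greeting list is an assumption.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample message (not a real phish): the address, a Reply-To and a
# link target all point somewhere other than the brand the text claims.
SAMPLE_EML = """\
From: "Example Bank Support" <support@examp1e-bank.test>
Reply-To: collect@mail.attacker.test
To: customer@example.test
Subject: Urgent: verify your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer,</p>
<p>Please <a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test/verify</a> now.</p>
<p>Or read <a href="https://www.example-bank.test/help">our help page</a>.</p>
</body></html>
"""

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# Assumed list of impersonal greetings; extend to taste.
GREETING_RE = re.compile(r"Dear (customer|user|member|client|valued \w+)", re.I)

def host_of(url: str):
    """Hostname of a URL or bare domain, lower-cased (None if unparsable)."""
    return urlparse(url if "://" in url else "http://" + url).hostname

def phish_indicators(raw: str) -> list:
    """Return human-readable indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = msg["From"].addresses[0].domain.lower()
    # Indicator 1: replies are routed to a domain other than the sender's.
    if "Reply-To" in msg:
        reply_dom = msg["Reply-To"].addresses[0].domain.lower()
        if reply_dom != from_dom:
            findings.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    # Indicator 2: a generic greeting instead of the recipient's name.
    if (m := GREETING_RE.search(text)):
        findings.append(f"generic greeting '{m.group(0)}'")
    # Indicator 4: link text that looks like a URL but whose real target differs.
    for href, shown in ANCHOR_RE.findall(text):
        shown = shown.strip()
        if "." in shown and " " not in shown and host_of(shown) != host_of(href):
            findings.append(f"link shows {host_of(shown)} but targets {host_of(href)}")
    return findings
```

Running `phish_indicators(SAMPLE_EML)` returns three findings for the sample; a plain personal message with no Reply-To and no links returns an empty list.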

So once we understand how to recognise phishing emails it is time to think about how to set up an anti-phishing campaign for your company. For the next steps I assume that you do have full management buy-in as well as a legal counsellor supporting you full time. Without these two preconditions you are in deep trouble - better you stop right away.

Now you’re off to go - cheers!

Written on June 10, 2015