National Computer Security Day Tips to Reduce Your Company’s Phishing Risk

November 30, 2021


November 30th is National Computer Security Day. First established in 1988, National Computer Security Day is the perfect time for businesses to launch new security awareness initiatives. In fact, this holiday spawned from one of the world’s first cyberattacks: an attack on ARPANET (the internet’s predecessor) that harmed 10% of connected computers. In the wake of that eye-opening incident, IT professionals realized that there was a need for increased security awareness in order to reduce the chance of future similar events. The Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control chose November 30th to remind folks to be security conscious before the busy holiday season.  

Read more about the fascinating history of National Computer Security Day and look at the timeline of cybercrime here: https://nationaltoday.com/national-computer-security-day/  




How Can Organizations Benefit from National Computer Security Day?


When everyone is more security conscious, the whole company benefits (especially the IT department!). National Today offers a great menu of options that enable companies and IT professionals to choose fun, engaging ways to fight back against surging cybercrime by raising security awareness in their organizations like:  




Strong Security Starts with Phishing Awareness  


A huge part of any company’s security awareness initiative has to be phishing awareness. After all, stopping ransomware, fraud, business email compromise, malware and credential compromise starts with stopping phishing. Make sure that staffers know how to spot a phishing email, and what they should do when they encounter a dodgy message. Here’s a guide to red flags that may indicate that a message is actually phishing.   

Red Flags That Point to Phishing  

Adapted from our blog post What is a Common Indicator of a Phishing Attempt?

Subject Line   

Is the subject line accurate? Subject lines that feature oddities like “Warning”, “Your funds has” or “Message is for a trusted” should set off alarm bells. If the subject or pre-header of the email contains spelling mistakes, usage errors, unexpected elements like emojis or other things that make it stand out from emails you regularly receive from the sender, it’s probably phishing.    

Greeting  

If the greeting seems strange, be suspicious. Are the grammar, punctuation and spelling correct? Is the greeting in a different style than you usually see from this sender? Is it generic when it is usually personalized, or vice versa? Anomalies in the greeting are red flags that a message may not be legitimate.   

Domain   

Check the sender’s domain by looking at the email address of the sender. A message from a major corporation is going to come from that company’s usual, official domain. For example, if the message says it is from Sender@microsoftsecurity.com instead of Sender@microsoft.com, you should be wary.
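
The same domain check can be run automatically on a message's From: header. The Python below is an added example, not code from Graphus or from the original post; the `TRUSTED` allow-list, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the organisation maintains the official domains for each brand
# its users recognise. Only the microsoft.com pair comes from the text above.
TRUSTED = {"microsoft": {"microsoft.com"}}

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def is_trusted(domain, official):
    """True for an official domain itself or a genuine subdomain of it."""
    return any(domain == d or domain.endswith("." + d) for d in official)

def check_sender(from_header):
    """Return 'ok', 'lookalike', 'display-name-mismatch' or 'unknown'."""
    display, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    if is_trusted(domain, set().union(*TRUSTED.values())):
        return "ok"
    for brand in TRUSTED:
        # Brand name embedded in a domain the brand does not own.
        if brand in domain:
            return "lookalike"
        # Brand appears only in the display name, which the sender controls.
        if brand in display.lower():
            return "display-name-mismatch"
    return "unknown"

# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "Sender <Sender@microsoft.com>",
    "Sender <Sender@microsoftsecurity.com>",
    "Sender <Sender@mail.microsoft.com>",
    "Sender <Sender@microsoft.com.example.net>",
    '"Microsoft Support" <help@example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):22} {header}")
```

Matching on the end of the domain rather than on a substring is what separates mail.microsoft.com from microsoft.com.example.net.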

Word Choices, Spelling & Grammar   

This is a hallmark test for a phishing message and the easiest way to uncover an attack. If the message contains a bunch of spelling and usage errors, it’s definitely suspicious. Check for grammatical errors, data that doesn’t make sense, strange word choices and problems with capitalization or punctuation. We all make the occasional spelling error, but a message riddled with them is probably phishing.    

Style   

Does this look like other messages you’ve received from this sender? Fraudulent messages may have small variations in style from the purported sender’s usual email style. Beware of unusual fonts, colors that are just a little off, logos that are odd or formats that aren’t quite right.    

Links  

Using malicious links to capture credentials or send victims to a web page that can be used to steal their personally identifiable information (PII) or financial information is a classic phishing scam. Hovering your mouse or finger over a link will usually enable you to see the path. If the link doesn’t look like it is going to a legitimate page, don’t click on it. If you have interacted with it, definitely don’t provide any information on the page that you’re directed to because it’s almost certainly phishing.    

Attachments   

Never open or download an unexpected attachment, even if it looks like a normal Microsoft 365 (formerly Office) file. Almost 50% of malicious email attachments that were sent out in 2020 were Microsoft Office files. The most popular formats, the ones that employees regularly exchange every day (Word, PowerPoint and Excel), accounted for 38% of phishing attacks. Archived files, such as .zip and .jar, account for about 37% of malicious transmissions.

Origin  

Is this someone or a company that you’ve dealt with before? Does the message claim to be from an important executive, politician or celebrity? A bank manager or tax agent you’ve never heard of? Be cautious about interacting with messages that seem too good to be true. Messages from government agencies should also be handled with care. Phishing practitioners love using fake government messages. In the United States, the federal government will never ask you for PII, payment card numbers or financial data through an email message out of the blue – that’s phishing.   




Increase Computer Security by Protecting Computers from Phishing-Related Threats  


The fastest and easiest way to prevent a phishing-related disaster is to prevent employees from receiving a phishing message with Graphus. Automated, AI-powered protection for email boxes is the best way to guard against phishing risk – an automated security solution like Graphus catches and kills 40% more phishing threats than conventional security or a SEG. The ideal choice to combat the flood of dangerous phishing email heading for every business, Graphus layers security for more protection with three powerful shields.   

  • TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention.    
  • EmployeeShield adds a bright, noticeable box to messages that could be dangerous, notifying staffers of unexpected communications that may be undesirable and empowering staffers to report that message with one click for administrator inspection.      
  • Phish911 enables employees to instantly report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review.   


