Phishing for Answers is a video series answering common questions about phishing, ransomware, cybersecurity, and more. These videos are great to share with your colleagues, friends, and family! Today we’re talking about internal phishing emails.
Phishing emails can seem as though they're coming from pretty much anyone. And that's what makes them so tricky. Cyber criminals are able to send hundreds of emails pretending to be whoever and whatever company they choose. Right down to the company you work for and the people you work with. Knowing the signs and what to look out for can keep your company's information and data safeguarded from criminals looking to exploit or steal company information.
Often, internal phishing emails will require you to click a link and log into a specific account within your company. If successful, this could give the hacker access to all of your company's information and data. Internal phishing emails usually appear to be sent from your boss, HR or the IT department. However, these types of scams can be quite easy to spot. As the sender address can be a dead giveaway. Within your company, employees are given a specific email URL. And hackers aren't able to replicate that. They can get close, but they can't completely copy it. So always make sure to double, even triple check the sender address. And remember, if you get an email that appears to be from HR, but doesn’t use your company's URL, then it is clearly a scam. It's also always smart to check with the person the cybercriminal is pretending to be. If they have no knowledge of the email, then you know for sure it was phishing.
Using these tips can help you eliminate the possibility of falling victim to an internal phishing attack. And as we always say, let's stay aware out there!