How bad guys bypass your email security

Photo Credit: KnowBe4

Have you ever wondered how phishing attacks get into your inbox? Most email clients, such as Outlook and Gmail, have built-in features to filter out potential threats. Additionally, it’s likely that your organization has extra security measures to help protect your work account. Unfortunately, scammers have found clever ways to bypass this security and creep into your inbox.

Technical Tactics

Most security filters work by looking for specific text patterns, file formats, or links to websites that are known to be suspicious. Scammers often bypass this feature by hosting a malicious file on a legitimate file-sharing service, such as Dropbox or Google Drive. Your email filters will not see the linked file as a threat, because it is hosted on a trusted website.

Remember: Never trust a link within an email that you were not expecting, even if it is to a familiar website.
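To see why a link to a trusted file-sharing site gets past a filter that only looks for known-bad websites, here is a short added example (not from the original article). The blocklist, the file-sharing host list, the organization domain, and the sample message are all constructed for illustration. The second check shows one extra rule a defender could layer on top.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# All values below are constructed for illustration (assumptions, not real data).
BLOCKLIST = {"malware-downloads.example"}            # hosts known to be suspicious
FILE_SHARING = {"dropbox.com", "drive.google.com"}   # trusted hosts that serve user uploads
ORG_DOMAIN = "corp.example"                          # hypothetical organization domain

SAMPLE = """\
From: "Accounts" <billing@vendor-invoices.example>
To: sam@corp.example
Subject: Overdue invoice

Please review the invoice: https://www.dropbox.com/s/abc123/invoice.zip?dl=1
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def link_hosts(msg):
    """Return the lower-cased hostname of every link in a plain-text body."""
    return [(urlsplit(u).hostname or "").lower() for u in URL_RE.findall(msg.get_payload())]

def matches(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def reputation_verdict(msg):
    """The filter described in the text: block only links to known-bad hosts."""
    return "block" if any(matches(h, BLOCKLIST) for h in link_hosts(msg)) else "deliver"

def layered_verdict(msg):
    """Same filter plus one rule: an external sender linking to a file-sharing
    host is flagged for review instead of being delivered silently."""
    if reputation_verdict(msg) == "block":
        return "block"
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    external = not matches(sender_domain, {ORG_DOMAIN})
    shares = any(matches(h, FILE_SHARING) for h in link_hosts(msg))
    return "flag" if external and shares else "deliver"

if __name__ == "__main__":
    m = message_from_string(SAMPLE)
    print(reputation_verdict(m), layered_verdict(m))
```

A flag here means "show a warning or send for review", since most file-sharing links are legitimate and blocking them outright would not be practical.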

Social Engineers

Bad guys can completely avoid security filters by sending phishing emails that don’t include links or attachments. Instead, they use a technique called social engineering. Social engineering is when a scammer poses as someone else and tricks you into sharing sensitive information. Typically, the phishing email will appear to be from someone important, such as your manager or a member of your IT department. Then, the scammers try to use this disguise to trick you into replying with sensitive information, sending a confidential attachment, or even wiring money to them.

Remember: Stop and think before you click. Were you expecting this email? Is this an unusual request? Is there another way that this person can, or should, securely gather this information?

A Human Touch

Technology will never catch 100% of threats because the attackers are human. That’s why becoming a strong part of your organization’s human firewall is so important.

Remember: Stay on the lookout for suspicious emails. Nothing can catch a bad guy better than a good guy!
