
User education is king when it comes to phishing emails

David West 06-Apr-2017 00:00:00

How do I know if an email is legitimate or dangerous?

It’s a question we’re hearing more and more often at Netitude as phishing and whaling emails are becoming a greater threat to businesses and individuals alike every month.

Even for some IT professionals, spotting a potentially harmful email can be a tricky task, such is the attention to detail and accuracy used in phishing emails these days. Tightening your security with advanced email filtering solutions such as SpamTitan is certainly a great step to take, but we think the most valuable precaution a business can take is educating its users. After all, they will be receiving these emails and are at risk of clicking the wrong link or opening the wrong attachment.

User education is something we at Netitude strongly advocate – it’s low on cost and is arguably the most effective way to protect your business against this type of threat.

Phish your own users – no, really!

Corey Nachreiner, CTO of network security giant WatchGuard, recently discussed the matter over on Dark Reading, stating “I believe your phishing education program isn’t complete until you phish your own company’s tank. By that, I mean sending fake (but realistic) phishing emails to all your users to see if they fall for them.”

Free tools such as SecurityIQ allow you to send different types of realistic (but fake) phishing emails to your users as a test. Based on who interacts with the emails, you can then design an email security program for your employees that teaches them how to identify a phishing email, a harmful attachment and so on, and then how to report them to your IT department or Managed Service Provider to mitigate the threat.

Example of a phishing email

Above: A recent fake Apple email designed to phish user information

Once you have a training program in place, you can regularly schedule sessions with your users to show them recent, genuine examples of phishing emails to keep their knowledge up to date. At Netitude we see a new breed of phishing email every month and believe that users should understand new threats before they see them in their inbox.

From fake parking tickets to PDF attachments that cleverly carry a harmful link inside the document, there are a growing number of phishing methods your users need to be aware of. Don’t fall victim: educate!