Prep yourself to detect phishing attacks!

At Oda, we run regular phishing tests, and we want to improve each time we test. We want to be prepared to react properly to both real phishing and the tests themselves. And remember: you are not stupid if you fell for a phishing attempt. They’re made to be tricky on purpose. So, what are some good ways to spot a phishing mail and avoid being tricked?

Here are some tips on what to look out for:

• Check the email sender’s address. In many cases, the sender address is not forged, which makes it much easier for you to see that it’s fraudulent. You can click on the sender’s name to see the full sender address.
• Beware of psychological tricks. Some phishing mails create a sense of urgency: “Your account is blocked!”, “You need to act fast!”, “We need payment ASAP!” and so on. Others play on fear: “Urgent virus alert!”, “Your password is blocked!”, etc. Think about the context of the mail. Is it likely someone would actually say this?
• Check the link. By hovering your mouse pointer over a link, you can see where the URL is going to take you if you click. Is the link safe? Does it look like the right site?
• Carefully evaluate the sender and web pages before acting. Is this a site or person who should be asking for this information? Most genuine emails don’t ask you to provide sensitive information.
• Encrypted doesn’t always mean safe. A secure, encrypted connection to a website (https: // plus the padlock icon) basically only guarantees a secure connection without any eavesdropping. The fact that the page is secured with https really says nothing about whether the page is reliable or not. Many people aren’t aware of this, and more and more phishing sites are using https to abuse people’s trust. With that in mind, it’s very important not to blindly trust https.
• You’re only human. Phishing is often difficult for people to spot in every case. That’s why it’s also crucial to keep your operating system and programs up to date. This can help prevent hackers and cybercriminals from exploiting security vulnerabilities present in older software versions.
• When in doubt, ask the experts. The security team is always there to help you, so if you’re ever in any doubt, get in touch with us at security@oda.com — even if you’re not an Oda employee! Security is everyone’s responsibility.