Mitigate Phishing Attacks
Posted by: Timothy Weaver on 11/04/2015 10:21 AM
Plenty of cyber attacks can be traced back to a phishing scam, especially the high-profile ones. These scams aim to steal personal information and employee credentials or to plant malware on the victim's system.
As noted in the 2015 Verizon Breach Investigation Report, creating a network of “human sensors” through internal education can be just as effective as almost any technology at detecting phishing attempts.
Training should consider these four warnings:
1. Context – Understanding the context of an email can help determine whether it is from a legitimate source. Make sure to consider any email before opening.
2. Content – It is crucial to understand the origin of a hyperlink before clicking on it, especially if any part of it is misspelled. Think Faecbook.com vs. Facebook.com.
3. Composition – Usually this will be an important indicator of where or from whom this email might originate. For example, if a bank sends an email with no logo, no signature and in plain text, it might be cause to give them a call.
4. Communicator – Even if a message comes from a known sender, it is necessary to thoroughly look through the email for the above signs, as some hackers might even have information about people in your network (based on details obtained through social networks, etc.).
Employees need to remember that any public information can be used against a victim, so they should use caution when posting on social networks. It is important to remind employees that their Internet footprint can have a serious impact on security.
Source: SCMagazine
