We’ve just released a free resource for recognizing phishing scams called “Recognizing the Danger in Your Inbox.”  It’s an interactive, web-based mini training course that takes only four (4) minutes to complete.  Why?  Because user attention spans are short.  Although comprehensive phishing education certainly requires more than what we’ve included in this free training, you have to start somewhere.

In this module, we focus on one thing:

When a sender’s e-mail address does not match an existing contact, you’ve likely caught a phish.

Even for some computer users, examining an e-mail address is confusing.  They may be easily fooled into thinking that if a keyword appears in it, it has to be legitimate.  (This is problematic with URLs, too.)  We show a technique for searching your inbox for the e-mail address in question.  If it doesn’t look like you’ve received messages from it before, it could be an impersonation attempt!  The best part is that you don’t have to be tech savvy to use this technique.

We hope that if you’re in charge of security awareness in your organization, you’ll make use of it in your security awareness program. View the free training here.