February

“Recognizing & Defeating Email Threats”

Phishing Awareness

February focuses on Phishing Awareness—teaching employees to recognize and defeat email-based cyber attacks that account for over 90% of data breaches.

Cautionary tale: The CEO Fraud That Cost Millions

In 2016, a major tech company lost $47 million to a sophisticated Business Email Compromise (BEC) attack. Attackers impersonated the company’s CEO and sent urgent emails to the finance department requesting wire transfers for a supposed acquisition. The emails were so convincing—matching the CEO’s writing style and sent during his known business trip—that three separate transfers were approved before anyone verified the requests directly.

The Lesson: Even sophisticated organizations can fall victim to social engineering when verification procedures are bypassed.

Email Security Best Practices

  • Verify Sender Identity: Check email addresses carefully. Attackers use spoofed addresses that look similar to legitimate ones. Look for subtle misspellings, extra characters, or different domains.

  • Think Before Clicking: Hover over links to see the actual URL before clicking. Be suspicious of urgent requests and threats. Phishing emails often create false urgency.

  • Don’t Open Unexpected Attachments: Verify with the sender before opening attachments, even from known contacts. Attackers frequently compromise legitimate accounts.

  • Use the Phish Alert Button: Report suspicious emails immediately. Your security team needs to know about attacks targeting your organization.

  • Enable Email Authentication: SPF, DKIM, and DMARC help prevent spoofing and verify sender legitimacy.
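
The sender-identity and email-authentication checks above can be automated when triaging a reported message. The following is an added example, not part of the original page: it flags sender domains within two edits of a trusted domain and reads the SPF, DKIM, and DMARC verdicts recorded by the receiving gateway. The domain example.com, the gateway name mx.example.com, and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}    # assumption: the organization's own domains
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id of your inbound gateway

# Constructed sample: lookalike sender domain ("1" in place of "l"), DMARC failure.
SPOOFED = (
    'From: "CEO" <ceo@examp1e.com>\n'
    "To: finance@example.com\n"
    "Subject: Urgent wire transfer\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.invalid;"
    " dkim=none; dmarc=fail header.from=examp1e.com\n"
    "\n"
    "Please process today.\n"
)

def edit_distance(a, b):
    """Levenshtein distance, row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw_message):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    findings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if edit_distance(domain, trusted) <= 2:
                findings.append(f"lookalike-domain:{domain}~{trusted}")
    # Only trust Authentication-Results stamped by our own gateway; a sender
    # can insert a forged header carrying any authserv-id and "pass" values.
    ours = [h for h in msg.get_all("Authentication-Results", [])
            if h.split(";")[0].strip().lower() == TRUSTED_AUTHSERV]
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", " ".join(ours))
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{mech}:{result}")
    return findings
```

A lookalike domain registered by the attacker can pass SPF, DKIM, and DMARC on its own, which is why the domain comparison runs independently of the authentication verdicts.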

February Checklist

  • Complete phishing awareness training module
  • Review and update email security policies
  • Test employees with simulated phishing campaign
  • Verify SPF, DKIM, and DMARC email authentication
  • Deploy Phish Alert Button to all mail clients
  • Review and clean up email distribution lists
  • Establish verification procedures for financial requests
  • Train finance team on BEC attack indicators
  • Review email retention and archiving policies
  • Document incident response procedures for email compromises