October is Cybersecurity Awareness Month. In this third installment of our three-part series, we'll discuss how to verify if a message is malicious or not.
Verify, Verify, Verify
At first, it seems harmless – until it isn't.
It's critical to remember that with phishing scams, things are never what they seem. A message can look and even sound legitimate, but still set off a warning bell if you know what to look for.
If you do not have 100% confidence in a request, take extra steps to verify it's legitimate before you click a link, download a file or reply with sensitive data. Here are some common warning signs that link may be suspicious:
- Links with hyphens and symbols (scammers may pair these with known brands to lure you in).
- Links with IP addresses (if you don't see a known domain name – e.g., mmc.com – be cautious).
- Shortened links (services like TinyURL and BitLy may be used to mask a source).
- Masked links (hover over a link to see the true URL)
If you're not sure about the link, don't click – use a search engine to verify the legitimate link. Also, be extra careful on mobile devices – for example, hovering over a link doesn't typically work on your phone.
Other steps to verify that the request is legitimate before clicking or taking any action: research the request, contact the company or ask for help from your organisational support. It just takes a minute to confirm a questionable message!