Skip to content 7 Cybersecurity Red Flags You Need to Know

7 Cybersecurity Red Flags You Need to Know

Receive free IIBA updates and exclusive content!    

October is Cybersecurity Awareness Month and professionals across the globe are working together to help raise awareness about cybersecurity. The National Cybersecurity Alliance explains this year focus as “Do Your Part. #BeCyberSmart. The theme empowers individuals and organizations to own their role in protecting their part of cyberspace. If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone.” 

Did you know social engineering is an escalating way cybercriminals are tricking users into performing actions that lead to security breaches? In a recent IIBA webinar, presenter Erich Kron, Security Awareness Advocate at KnowBe4, shared his seven social engineering reg flags you should be aware of.


Do Your Part. #BeCyberSmart

There’s no doubt, cybersecurity is on the rise. In fact, since COVID-19, the US FBI reported a 300% increase in reported cybercrimes. In these unprecedented times, cybersecurity is now everyone’s responsibility. Everybody, both in a personal and professional context need to be aware and vigilant against rapidly growing cyber-attacks.

Did you know social engineering is an escalating way cybercriminals are tricking users into performing actions that lead to security breaches? In a recent IIBA webinar, presenter Erich Kron, Security Awareness Advocate at KnowBe4, shared his seven social engineering reg flags you should be aware of.  

1. From 

Who’s the email from? Contemplate these tips: 
  • I don’t recognize the sender’s email address as someone I ordinarily communicate with. 
  • This email is from someone outside my organization, and it’s not related to my job responsibilities. 
  • This email was sent from someone inside the organization or from a customer, vendor, or partner and is very unusual or out of character. 
  • Is the sender’s email address from a suspicious domain? 
  • I don’t know the sender personally and they were not vouched for by someone I trust. 
  • I don’t have a business relationship nor any past communications with the sender. 
  • This is an unexpected or unusual email with an embedded hyperlink or an attachment from someone I haven’t communicated with recently.

2. To

Who’s the email addressed to?  
  • I was cc’d on an email sent to one or more people, but I don’t personally know the other people it was sent to. 
  • I received an email that was also sent to an unusual mix of people. For instance, it might be sent to a random group of people at my organization whose last names start with the same letter, or a whole list of unrelated addresses. 

3. Hyperlinks 

Consider these when looking at hyperlinks. 
  • I hover my mouse over a hyperlink that’s displayed in the email message, but the link-to address is for a different website.  
  • I received an email that only has long hyperlinks with no further information, and the rest of the email is completely blank. 
  • I received an email with a hyperlink that is a misspelling of a known web site. For instance, — the “m” is really two characters — “r” and “n.” 

4. Date 

Take a good look at the date and time. 
  • Did I receive an email that I normally would get during regular business hours, but it was sent at an unusual time like 3 a.m.?

5. Subject 

Check out these tips on email subject lines. 
  • Did I get an email with a subject line that is irrelevant or does not match the message content? 
  • Is the email message a reply to something I never sent or requested? 

6. Attachments

Review these when receiving attachments. 
  • The sender included an email attachment that I was not expecting or that makes no sense in relation to the email message. (This sender doesn’t ordinarily send me this type of attachment.) 
  • I see an attachment with a possibly dangerous file type. The only file type that is always safe to click on is a .txt file. 

7. Content 

Consider these key points.
  • Is the sender asking me to click on a link or open an attachment to avoid a negative consequence or to gain something of value? 
  • Is the email out of the ordinary, or does it have bad grammar or spelling errors? 
  • Is the sender asking me to click a link or open up an attachment that seems odd or illogical? 
  • Do I have an uncomfortable gut feeling about the sender’s request to open an attachment? Or click a link? 
  • Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know? 

Discover More Tips and Best Practices

Want more tips and insights about Social Engineering? Watch Security Awareness Advocate Erich Kron, explain more in IIBA’s OnDemand webinar Cybersecurity: How Social Engineers are Pulling our Strings

Also, explore the basics of cybersecurity with IIBA and IEEE Computer Society’s robust cybersecurity certification program, which covers what business analysis professionals need to know to be prepared for today’s cybersecurity challenges. 

The joint IIBA and IEEE certification program provides the credibility of a joint certification and the opportunity to learn key cybersecurity concepts and tools business professionals need to demonstrate core competencies. 




About The Author:
Tiffani Iacolino

Tiffani Iacolino is a Product Marketing Manager at IIBA® and has 15+ years of marketing experience across the legal, technology, telecommunications, publishing, media, and professional services industries. She’s passionate about delivering meaningful products and solutions to the business analysis community, including IIBA’s latest offering the Cybersecurity Analysis Learning and Certification Program. Hailing from the Greater Toronto Area, she enjoys an amazing cup of coffee, running, and yoga -- between chasing her two adorable children!