Knowing this information could save your business
There were 14.5 billion spam emails sent every day in 2018. The odds are pretty good that you received a few of those. Surprisingly, the good news is that only 2.5% of those emails were scam and fraud emails (a.k.a. phishing emails). The bad news is that three out of four companies fell victim to phishing scams in 2016. The numbers don't look very good, but just like any form of risk, there are ways to increase the odds in your favour. The key is knowledge; the more you know about phishing, the better chance you have to protect yourself and your business from it.
What is phishing?
Phishing is one of the most common forms of cyber attack. It's a type of social engineering used to trick a person into providing sensitive information through digital communications. There are multiple phishing techniques, but in the end, they all have the same goal. Email used to be the primary method, but phishing now also arrives through social media, messaging apps and text messages. It's human nature to try to determine trustworthiness quickly; that's how we survived sabretooth tigers and other predators. Unfortunately, this is what phishing relies on. The message is made to look like it comes from a trusted source (spoofing) in order to manipulate a person into performing the desired action. The action might be clicking a link, entering information or opening an attachment. In any case, once this happens, the sender has what they need.
How do you spot phishing?
There are many ways to spot a phishing email. The more that you and your employees know, the easier it will be to protect yourselves from becoming a victim. Here are nine ways to help you spot a phishing email:
- The email asks you to confirm personal information.
- The URL and email addresses do not look genuine.
- It's poorly written.
- There's a suspicious attachment.
- The message is creating a sense of urgency and designed to make you panic.
- Hovering over the links displays an unfamiliar URL.
- You didn't initiate the action that is in the email.
- There's a request to send money to cover expenses. This approach is why accounts payable is a frequent target.
- Curiosity is used to entice you to want more information.
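As an added example (not from the original article), the Python below applies three of the signs above to a raw message: a Reply-To domain that differs from the sender's, urgency wording, and link text that names a different host than the link actually opens. The function names, the urgency word list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = re.compile(r"\b(urgent|immediately|suspended|final notice)\b", re.I)  # illustrative

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):  # hostname of a URL, with or without a scheme
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
def domain(header):  # domain of the first address in a From/Reply-To header
    return header.addresses[0].domain.lower() if header and header.addresses else ""

def phishing_indicators(raw):
    msg, flags = message_from_string(raw, policy=policy.default), []
    sender, reply = domain(msg["From"]), domain(msg["Reply-To"])
    if reply and reply != sender:
        flags.append("reply-to domain differs from sender")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if URGENCY.search(text) or URGENCY.search(msg["Subject"] or ""):
        flags.append("urgency wording")
    collector = LinkCollector()
    collector.feed(text)
    for href, shown in collector.links:  # text looks like a URL but names another host
        if re.match(r"(https?://|www\.)", shown, re.I) and host(shown) != host(href):
            flags.append(f"link shows {host(shown)} but opens {host(href)}")
    return flags

CONSTRUCTED_SAMPLE = """\
From: Example Bank <alerts@example-bank.test>
Reply-To: help@example-mailer.test
Subject: Urgent: confirm your account
Content-Type: text/html

<a href="http://login.example.net/verify">https://www.example-bank.test</a>
"""
```

Calling `phishing_indicators(CONSTRUCTED_SAMPLE)` returns all three flags; a message whose link text is plain words and whose Reply-To is absent returns an empty list.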
You've been phished!
If you or someone in your business falls victim to phishing, would you know what to do? Below are the steps to take to prevent any further damage:
- Call your IT support team
Your IT support team will know what to do, so make sure to let them know ASAP. If you don’t have an IT support team, follow the next steps yourself.
- Take the affected computer offline
If the computer isn’t connected to the network then it can’t spread the phishing link to other people through a contact list.
- Change passwords
Change all passwords associated with the compromised accounts and all accounts that use the same password.
- Cancel or change accounts
If financial information was provided (credit cards or bank accounts), cancel and/or close the accounts and get new ones. It will take some time to transition, but that’s better than losing money.
- Contact the company or person that was spoofed
There’s an excellent chance that the person whose name was used to send the phishing email may not know that their account has been compromised. Letting them know is not only courteous but could prevent further damage.
- Scan the device for viruses
Some phishing attempts are designed to install malicious programs on your device. Be sure to scan for viruses before resuming regular use.
- Keep an eye on things
Watch out for signs of identity theft and put a fraud alert with the major credit bureaus in your country.
How to prevent phishing
There are a few ways to prevent your employees and company from being victimized by phishing:
- Education
Education is essential because the more you know, the better equipped you are to prevent bad things from happening. You can have your employees go through a workshop and run a test afterwards to see who’s applying the lessons learned.
- Think before you click
Many phishing attempts will try to get the user to click on a link to install malware or take the user to a different site to convince them to input sensitive information. Before clicking any link, it might be worthwhile to ask yourself some questions: "What's the purpose of the link?", "Is there anything that seems odd about this link?"
- Firewall
A firewall will protect your business by filtering out the junk. Having an enterprise-grade device will make sure to minimize the phishing attempts that make it to your employees’ inboxes.
- Keep applications up to date
Those notifications you get that tell you an update is required aren't there to annoy you. They exist to protect you. Keeping your applications updated will make sure that any vulnerabilities are patched and eliminated.
- Strong passwords
The more complex and unique your passwords are, the better. You also want to make sure that you keep your passwords private. If, like most people, you and your employees struggle with remembering passwords, consider using a password manager such as LastPass, KeePass, 1Password, Dashlane or Keeper.
- Public WiFi
If you or your employees are going to use public WiFi, make sure to avoid working with or accessing sensitive material. With the right knowledge, a person could watch what you’re doing on your device and even gain access to your data.
If you’ve implemented all of these steps, you’re a lot less likely to fall victim to a phishing scam. Sharing this article with others who might find value in it is a great way to pay it forward as well. TLC Solutions wants to take things one step further to provide you with even more confidence. Contact one of our sales representatives and they’ll walk you through how to host a workshop training session for your team.