10 Tips to Follow
Falling for a phishing scam can be no only embarrassing, but a true danger to your organization and confidential information. Anyone who uses the Internet must know how deal with them.
You’ve been hearing about phishing scams for years, and probably think that only gullible people fall for these obvious security hacks. However, even CEOs fall for them, and there may come a day when you fall for one, too.
Phishing attacks are increasingly sophisticated and becoming more difficult to spot. How can you avoid getting caught in the net of a phishing scam?
Phishing Scams Defined
There are several types of phishing attacks. In general, they include any type of fraudulent activity that attempts to steal personal information using the Internet. Attacks from ID theft of personal passwords, personally identifiable information, credit card numbers and more take place daily in mass quantities around the world.
The term phishing started with hackers, who historically used “ph” instead of “f” in typing, and is one of the key ways that cybercriminals are able to trick people into giving out sensitive data. Phishing attacks can come via pop-up messages on websites that aren’t secure, or via emails asking for personal information. It’s important that you maintain the tightest security posture when checking email, browsing on social media sites, or surfing the Web.
Between WannaCry and the latest ransomware attack dubbed Petya, these hacker-led appeals for Bitcoin and other non-traceable currencies are happening around the world with increasing frequency—and with devastating consequences. Hospitals, financial institutions and even airports are being targeted as high-return targets.
The common theme is a seemingly innocuous pop-up letting users know their files have been encrypted. The next message tells them how to pay the ransom to the hackers, who (supposedly) will unlock the code once the money arrives. Global security concerns caused by ransomware are increasing. These attacks have the potential to shut down a business when they can’t function without their data.
Your Employees Are an (Unintentional) Threat to Security.
It may seem that your employees are intentionally causing problems when they continue to fall for phishing scams, even with repeated training. However, are they just complacent or is there a real issue? The truth is, the majority of employees are reactive, and expect that any messages that find their way to a corporate inbox have already been vetted through rigorous security protocols.
The frightening fact is that while nearly 10 percent of phishing scams can lead to a data breach, most employees aren’t on a constant lookout for threats. Plus, there’s an overwhelming ignorance about the security dangers on unsecured public WiFi, over email, on the Web and even on the phone. Threat actors are upping their game–And stressed, overworked business people simply may not stop to think about the dangers of clicking on that pop-up for free or deeply-discounted pizza.
10 Anti-Phishing Tips
It’s getting tougher to avoid phishing attacks simply because they don’t look as “fishy” or fake as they used to. Today’s hackers are smart and subtle, and they’re constantly honing their craft in the hopes of getting more people to take a bite out of what they’re offering. Here are some tips that IT professionals suggest to stay safe:
- Beware of banner ads, especially those offering gifts that are too good to be true.
- Never share personal information from a link clicked in an email. Stick to the phone or a website that you proactively navigated to over a secure connection.
- Be cautious when receiving a non-personalized email from an individual you only know slightly, and that asks you to open an attachment or share information.
- Don’t post personal details on social media. Hackers always look for information about where you work, your habits, friends and family members.
- Monitor your banking and other financial activity at all times to ensure you catch any identity theft before it gets out of hand.
- If you have the slightest question about whether activity is suspicious or not, report it to your IT service provider or technical team.
- Bump up spam filters to their max settings. Yes, you will likely miss a few emails from friendly sources, but you’re more likely to block criminal activity with tighter security settings.
- Tell your teams to refrain from providing company or personal information to an inbound caller.
- Ensure that your systems have all the latest software updates and security patches.
- Keep passwords updated and require complex passwords for all systems.
Promoting cybersecurity awareness at your organization can go a long way towards keeping phishing attacks from taking hold. Want to learn more about cybersecurity and how to stop phishing attacks in their tracks? Contact OnServe at (613) 634-8125 or via email firstname.lastname@example.org. Our security professionals will work with you to ensure your software is always up to date, and that all avenues for digital entry to your network are protected.