As a business owner, there are a plethora of cyber security threats that your business faces on a day to day basis. One threat that we constantly see are phishing scams. The scams are simple but, they are also highly effective at tricking a user into giving up private information. Even the most tech-savvy individuals are fooled by phishing scams. All users need to know what these scams look like and how to avoid them. It doesn’t take much to compromise a system and even the simplest clue, such as a username and/or password can be all the information that an enterprising hacker needs to compromise your systems.
For this reason it is imperative that you and your employees be hyper-aware of phishing schemes and the best ways to avoid them.
What is a phishing and how do you recognize it?
Microsoft defines phishing as: “Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.”
Not all phishing scams are as easily identified as the Nigerian prince just dying to send you his personal fortune. Many phishing scams are sophisticated efforts that use advanced social engineering techniques to fool an unsuspecting or inattentive users into handing over sensitive information. Over 90% of all data breaches originate with a phishing scam which is why cyber criminals spend so much time and effort perfecting their approach.
Some of the most common impersonations that cyber criminals use are banking, IRS, paypal and major consumer sites like Microsoft, Amazon and Facebook.
Below is an example of phishing emails and as you can see they look pretty official.
Tips To Protect Against Phishing
There are some simple tips that may seem basic, but are essential to ensuring you protect yourself as much as possible.
Pay Attention To Emails That Appear Suspicious
Businesses are not going to request sensitive personal information via email. Any email that asks for personal information should raise suspicion. Instruct employees to ignore any emails asking for anything related to account information, passwords or any other sensitive information, unless they are specifically expecting that email. If you receive an email that you are suspicious of, call the sender to confirm the email’s veracity. if there is a need to enter sensitive personal information, perhaps for a renewal of services, go directly to the service provider’s website rather than clicking on an email link. If you do need to enter personal information via an email, make sure the link goes to a legitimate website that you recognize or preferably go directly to the website.
Check website addresses
Most people don’t pay close attention to the site that they are clicking on when they click a link. But you can reveal the actual link that a “Click Here” button or text link an email is pointing to. When hovering over a link, the user can simply preview the site, and if it’s not going to the actual company site or a website that they recognize, then clicking on that link could invite numerous problems, including a potential phishing website or installing a piece of malware onto the users device.
Always know what links you are clicking on and where they lead
Everyone has experienced that feeling of “I shouldn’t have clicked on that one!” as pop ups and malware start spreading on their computer. Many browsers will give a preview of where the link leads before you click it especially if the website is questionable. If you don’t recognize the link you’ll be clicking to or are worried about the title, don’t click it.
4. Don’t input personal information unless you are sure of the website
Yes we are belaboring a point here. Reminding them to NEVER give personal information if there is even a shred of doubt. Always check in the upper left corner of the URL in your web browser that it s a secure site.
We realize that this kind of information may seem remedial. But you should never assume that your employees know these things. Education is the best way to mitigate your security risks.
See how easily your company can secure itself
Just click the button below, tell us who you are, how to reach you, and a couple of dates that work for your calendar. We’ll email or call to confirm shortly.Reserve Your Appointment Now!