Security is critical to protecting your business and your personal safety. In today’s digital world, it is paramount to ensure you are protecting yourself from threats. Email is one of the most popular communication mediums available to us today, and email phishing has become one of the most common security threats that consumers and businesses will face. Our team of security experts came together to compile 7 tips to avoid phishing scams and help you stay safe.
Phishing you say?
Phishing is when attackers fraudulently send emails disguised as coming from a reputable company, with the goal of manipulating people into sharing personal information, such as passwords and credit card data, or into clicking on a link that seems harmless but will install malware onto the user’s computer.
The reliance on email as a communication mechanism, and the fact that you cannot see or hear who a message is being sent from, make email the perfect platform for attackers to gain trust and access. Phishers often see email as a numbers game: they are able to rapidly send out thousands of emails, which raises the likelihood of their efforts being rewarded. Email addresses are quite easy to obtain because lists are sold regularly, which makes everyone a target. While there are technical safeguards available for spam and phishing, they are not 100% effective, and end-user training is the best defense.
Defending Against Phishing
1. Trust your gut
If an email looks or feels off to you, even if it looks like it is legitimate, trust your instincts. Everyone at this point has seen a spam or phishing email. They sometimes contain typos or grammatical errors, unprofessional imagery, and often look less professional than you’d normally expect. If you receive an email from someone you don’t know directing you to sign in to a website, be wary, especially if that person is urging you to give up your password, account information, or social security number. Legitimate companies would never ask for this information via email, so this is a red flag. Your bank or creditors do not need you to send your account numbers; they already have that information.
2. Investigate the Sender
Be sure to double-check the “From” address of any suspicious email. Some phishing attempts use a sender’s email address that has been manipulated to look like it came from someone you know, or one that is similar to, but not the same as, a company’s official email address. Hovering over the “From” address or simply clicking “reply” will usually uncover some more information.
3. URGENT SMURGENT…
If you see a message that’s trying to get you to respond “urgently” by sending personal info or clicking on a link, BE WARY! Call the company directly and ask. When it comes to your personal information or the safety of your data it is better to be safe than sorry. Scammers often impose bogus deadlines and will sometimes even use threatening tones in their messages to suspend service or impose fees.
4. Click with Caution
In the age of email marketing, links and redirects are found in just about every email we see. These links are tools phishers will use to gain access to your computer. Simply because a link is typed out and looks like a normal hyperlink doesn’t mean the destination is authentic.
The safest way to find out if a link is real is to simply hover over it with your mouse (WITHOUT CLICKING) and look at the link’s destination in the lower left corner of your browser. This is the real destination, regardless of what the text says. Although it is a little more time-consuming, you can type or copy and paste the URL manually into a new search bar.
It is also critical to be cautious of shortened links. Link shortening tools such as Bitly are popular since they save character count and look cleaner than long hyperlinks. Watch out for shortened links anytime you’re tempted to click, as they might lead to a fake landing page.
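The hover check from tip 4 can also be automated on the defender's side. The following is an added example, not part of the original post: it parses an HTML email body and flags links whose visible text names a different site than the real destination, as well as links that point at a shortener. The function names, the shortener list and the `.example` hostnames in the sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed, illustrative list

def host_of(text):
    """Host of a URL or bare domain (leading 'www.' dropped), else None."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    try:
        host = (urlsplit(text if "://" in text else "http://" + text).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. an unbalanced "["
        return None
    return (host[4:] if host.startswith("www.") else host) or None

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """Return (finding, visible text, href) for each suspicious link."""
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        real, shown = host_of(href), host_of(text)
        if real and shown and real != shown:  # text names a different site
            findings.append(("link-mismatch", text, href))
        if real in SHORTENERS:  # destination hidden behind a shortener
            findings.append(("shortened-link", text, href))
    return findings

# Constructed sample body; every hostname and path here is made up.
SAMPLE_HTML = """<p>Sign in at <a href="https://login.examplebank-secure.example/verify">www.examplebank.example</a>
or use <a href="https://bit.ly/EXAMPLE">this quick link</a>.
Help: <a href="https://www.examplebank.example/help">examplebank.example/help</a></p>
"""
```

Running `check_links(SAMPLE_HTML)` reports the first two links and leaves the third alone, because its text and destination agree once the leading `www.` is ignored.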
5. Change Password Frequently
Yes, it can be a pain, and we often find people use linear passwords (they keep adding +1 to the end). Best practices: don’t use the same password more than once, change them frequently, and use some complexity (don’t use your name, use caps, use numbers and letters, use special characters). We all know the drill, but this, like diet advice, is often easier said than done. Still, we are far more secure if we build a plan and stick to it.
6. Never Give Remote Access to Strangers
There are schemes where someone will reach out pretending to be from a well-known security firm, tell you that you have been hacked, and offer to help you install security software on your computer.
- Never install anything from an unverified source over the phone.
- Never give that unverified source access to your computer.
If you need assistance, give us a call or go and see your local tech geek and they can help.
7. See Something, Say Something (About Phishing)
If a phishing email has been sent to you, it has been sent to others as well. You read my blog and were prepared to avoid the attack, but that does not mean that others are as informed. Here are some steps you can take to help others:
- Alert your IT Staff or Manager
- Notify co-workers
- Inform Family Members
- Send a notification to the organization being used in the scam
If You Think You’ve Been Phish’ed
Change your passwords immediately, including those for email accounts, banks and financial institutions, your computer logins, everything. The sooner you can lock the attackers out and slow their progress, the better. Call your banks and credit card companies to inform them. Notify the IT support staff or your manager at work. They’ll be on high alert for unusual activity. Contact your IT staff or a local IT professional to install trusted security software to remove malware from your computer. This diligence will help you avoid phishing scams and prevent further harm such as theft or ransomware.
If you or your organization needs help, feel free to reach out to our experts and we can assist – (410) 468-2975 or open a ticket HERE