What is phishing?
Back in the early days of the internet, Nigerian princes would descend from their throne and send email offers of untold riches, only if you supplied your bank information to them. Of course, it was a scam and most people have since learned to ignore and move on. On the other hand, hackers have also gotten smarter, using more sophisticated methods to attempt to get your information, commonly known today as phishing.
Phishing happens when a malicious person sends an email to try and trick another person into giving them private information, especially financial information. It happens most often through email but also occurs over phone (vishing) and text (smishing). In 2018 alone, the FBI reported over $2.7 billion dollars in losses related to phishing attacks.
How can your company prevent phishing attempts?
Harnessing the power of users and the power of technology is the best way to help the fight against malicious attacks. Train your employees how to recognize phishing emails and encourage your users to report any strange emails before they click. Use technology to your advantage. Set up spam filters, enable multi-factor authentication, keep your systems up to date, install a comprehensive anti-virus program, and enable browser add-ons and extensions that prevent users from clicking on malicious links.
When opening an email, ask questions such as:
- Do I recognize the sender, and am I expecting an email from this sender? (sometimes senders can be spoofed – so confirm before you click!)
- Did I receive an email that I normally would get during business hours, but it was sent at an unusual time like 3 a.m.?
- Are there spelling or grammatical errors? Is the message awkwardly written?
- Is there an unusual attachment included?
- If I hover over the link, does the same website show up or is it misspelled? (If the hyperlink looks like somebody mashed the keyboard, open a separate browser and type in the website you need to go to rather than click)
- Is the message demanding, urgent, or threatening?
When in doubt, always call the company or person directly before giving out any personal information.
Security is every user’s responsibility. When every person is dedicated to keeping security at the forefront, your company can prevent attacks better. Always remember: if it sounds too good to be true, it probably is.