Cybercriminals use phishing emails to spread malware or to acquire valuable personal and financial data, such as your Social Security number, credit card details, or passwords for online accounts. This enables them to steal your identity, your money, or both. If your employees are duped, the consequences can be devastating for your business, customers, and reputation.
Phishing scams are mostly associated with emails, but can come in many forms, including social media messages, pop-up ads, “vishing” (voice phishing by phone), “smishing” (phishing by text message), and “pharming” (luring victims to fake websites).
Unfortunately, phishing is a problem that has reached epidemic levels. The IRS reported that, for this past June and July (when they disbursed pandemic relief payments), phishing attempts “reached levels we haven’t seen in more than a decade.” A report from Digital Shadows found scammers posing as well-known and reputable organizations, including the World Health Organization and the Centers for Disease Control and Prevention.
There are no fool-proof methods to prevent phishing, but it is quite possible – and essential – to reduce the risk of being ensnared in a phishing scam.
This includes your anti-malware software of course, but also means staying current with security patches for your operating system and any packages your business uses. These security updates can conceivably save you from a world of pain.
Phishing crooks love to pose as companies with whom you are already doing business. They are counting on you to click on that fraudulent link without thinking twice – but you must think twice! Make sure that the domain on both the sender's email address and any links match that of the actual site as you would find it via a search engine. Roll your mouse over the link and email address to ensure that they match the text displayed.
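The same check can be automated for mail that has already been reported. The following is an added example, not part of the original article: it compares the sender's domain and each link's real target against a domain you trust, and flags links whose visible text shows a different host than the one they open. The sample message, the function names, and the simple "same domain or subdomain" rule are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE = """From: "Example Bank" <support@example-bank.example>
Subject: Verify your account

<p><a href="https://login.example.net/verify">www.example.com/verify</a></p>
<p><a href="https://www.example.com/help">Help centre</a></p>
"""  # constructed sample; all domains are reserved example names

def host_of(text):  # hostname of a URL-like string, else None
    text = text.strip()
    if len(text.split()) != 1:
        return None  # empty, or ordinary link text such as "Help centre"
    host = urlsplit(text if "://" in text else "http://" + text).hostname
    return host.lower() if host and "." in host else None

def same_site(host, domain):  # simplification: exact match or subdomain
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def check_message(raw, trusted_domain):
    msg, findings, parser = message_from_string(raw), [], LinkCollector()
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not same_site(sender_host, trusted_domain):
        findings.append(("sender-domain", sender_host))
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        if shown and shown != target:  # visible text names a different host
            findings.append(("text-mismatch", href))
        if target is None or not same_site(target, trusted_domain):
            findings.append(("off-domain-link", href))
    return findings
```

Calling `check_message(SAMPLE, "example.com")` reports the sender domain and the first link, and leaves the second link alone. The From header is easy to forge, so a matching sender domain on its own does not make a message trustworthy.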
Avoid sharing your position, job title, location, company and even age on social media (except for sites like LinkedIn and Slack). Such data can be “weaponized” by scammers to make their emails appear more authentic.
Are there words, phrases, or formatting that they typically use? Do they have an identifiable signoff? This familiarity can help you detect and reject impersonators.
If you are suspicious of an email, then forward it to your IT team. That will give them the opportunity to investigate and, if necessary, both block the sender and warn your colleagues. BUT DON'T OPEN THE EMAIL OR CLICK ON ANY LINKS. If you do open it or click a link, tell your IT team immediately.
What’s a generic address? customerservice@, help@, hr@, itsupport@, or payroll@, to name a few. These may be legitimate, but you should be suspicious, especially if the sender asks for any personal information. Check the sender's identity before responding, even if that means making a phone call.
If it sounds too good – or too bad – to be true, it often is. Remember, a key phishing strategy is to rattle you and to throw you off balance so that you are more likely to react instinctively and reply as requested. You are not likely to ever receive a real email from the IRS, the DEA, or some rich Nigerian prince who urgently needs your help.
Shield Information Solutions provides client-focused “all-in-one” managed IT management services to organizations in diverse industries in the lower Hudson Valley and Bergen County area. Our experience, expertise, and proactive approach help ensure several substantial benefits, including: more predictable monthly IT costs; proactive monitoring and maintenance; regular software updates; optimal return on IT investment; and minimal downtime. If you’re looking for an IT partner with a backup plan that fully protects your business while lowering your monthly costs, please call Lee Sentell at 845-613-0600 or visit www.shieldinformation.com.