Shield Information Blog

Cybercriminals use phishing emails to spread malware or to acquire valuable personal and financial data, such as your Social Security number, credit card details, or passwords for online accounts. This enables them to steal your identity, your money, or both. If your employees are duped, the consequences can be devastating for your business, customers, and reputation.

Phishing scams are mostly associated with emails, but can come in many forms, including social media messages, pop-up ads, “vishing” (voice phishing by phone), “smishing” (phishing by text message), and “pharming” (luring victims to fake websites).

Unfortunately, phishing is a problem that has reached epidemic levels. The IRS reported that, for this past June and July (when they disbursed pandemic relief payments), phishing attempts “reached levels we haven’t seen in more than a decade.” A report from Digital Shadows found scammers posing as well-known and reputable organizations, including the World Health Organization and the Centers for Disease Control and Prevention.

There are no foolproof methods to prevent phishing, but it is quite possible – and essential – to reduce the risk of being ensnared in a phishing scam.

  1. Keep your software up-to-date!

This includes your anti-malware software of course, but also means staying current with security patches for your operating system and any packages your business uses. These security updates can conceivably save you from a world of pain.

  2. Be very wary about links in branded emails.

Phishing crooks love to pose as companies with whom you are already doing business. They are counting on you to click on that fraudulent link without thinking twice – but you must think twice! Make sure that the domain in both the sender's email address and any links matches that of the actual site as you would find it via a search engine. Roll your mouse over the link and email address to ensure that they match the text displayed.

  3. Avoid oversharing personal information on social media.

Avoid sharing your position, job title, location, company and even age on social media (except for sites like LinkedIn and Slack). Such data can be “weaponized” by scammers to make their emails appear more authentic.

  4. Learn your associates’ personal communication styles.

Are there words, phrases, or formatting that they typically use? Do they have an identifiable signoff? This familiarity can help you detect and reject impersonators.

  5. Notify your IT team of suspicious emails.

If you are suspicious of an email, then forward it to your IT team. That will give them the opportunity to investigate and, if necessary, both block the sender and warn your colleagues. BUT DON'T OPEN THE EMAIL OR CLICK ON ANY LINKS. If you do, however, do tell your IT team immediately.

  6. Be wary of generic addresses.

What’s a generic address? customerservice@, help@, hr@, itsupport@, or payroll@, to name a few. These may be legitimate, but you should be suspicious, especially if the sender asks for any personal information. Check the sender's identity before responding, even if that means making a phone call.

  7. Make sure you and your workers know the red flags.
  • Generic greetings (e.g. Dear Customer, User, Colleague, Friend).
  • Inconsistent or unusual sender information (e.g. email domain, sender name).
  • Poor formatting (e.g. poor quality logos, inconsistent font sizes and colors).
  • Spelling/grammar mistakes.
  • Alarming content with dire warnings and claims of serious consequences, often coupled with a need to act urgently.
  • Incorrect facts (e.g. locations/names).
  • Offers of financial rewards or penalties.
  • Lack of legally required links to unsubscribe.

  8. Trust your instincts.

If it sounds too good – or too bad – to be true, it often is. Remember, a key phishing strategy is to rattle you and to throw you off balance so that you are more likely to react instinctively and reply as requested. You are not likely to ever receive a real email from the IRS, the DEA, or some rich Nigerian prince who urgently needs your help.

Shield Information Solutions provides client-focused “all-in-one” managed IT management services to organizations in diverse industries in the lower Hudson Valley and Bergen County area. Our experience, expertise, and proactive approach help ensure several substantial benefits, including: more predictable monthly IT costs; proactive monitoring and maintenance; regular software updates; optimal return on IT investment; and minimal downtime. If you’re looking for an IT partner with a backup plan that fully protects your business while lowering your monthly costs, please call Lee Sentell at 845-613-0600 or visit