It's OK to be Paranoid.
Online scammers are constantly evolving. They’re no longer pretending to be an Iranian prince short on cash in hopes a sympathetic soul wires them money. Now they're posing as businesses and sending emails, expecting you to click on a link to pay a bill, track a package or renew your account. Another common trick is for scammers to pose as your boss or coworker, and ask for help getting gift cards, processing a check or requesting sensitive information.
What exactly is “phishing”?
Phishing is a scam in which targets are contacted by someone posing as a legitimate business or person to bait individuals into providing sensitive data, like passwords and credit card details.
Who is most likely to be targeted?
“Anyone can be a victim of phishing, but employees with executive and management titles are most likely to be impersonated on phishing emails,” Mike Lager, HawkPoint's IT Manager, said.
How does it work?
There are a few different varieties of phishing emails you may see. The message may come from someone you know asking for help, it could contain fake links or it may have a malicious attachment that contains malware.
Typically these tricks are designed to extract money. Scammers will hijack usernames and passwords to make purchases, open credit card and bank accounts, and even sell personal information on the dark web. They may also wish to gain access to your network or computer to install ransomware programs, and hold your files hostage until you pay to get them back. "This is one of the many reasons why it's extremely important to have a robust backup system," Mike says.
It's OK to be paranoid. Just like Mom used to say, better safe than sorry. If a hyperlink is used to disguise a web address, hover over the hyperlink to display the full URL. (Please note: not all phishing scams will use such obvious web addresses as used below.)
You can also check in with sites like FraudWatch International, which publishes the latest phishing details and examples of the emails.
Here are some additional guidelines to protect you from phishing attacks.
- Trust no one. Just because they say they’re your mom, doesn’t mean it’s actually your mom. Does the message “sound” like your mom? Just pick up the phone and call her—you get brownie points and stay safe.
- Do NOT click the link. Even if it’s a site you recognize, visit it by typing the address directly into your browser and navigating to the referenced page, or enter the site through your preferred search engine.
- Do NOT open the attachment, especially if you don’t recognize the source. If you weren’t expecting a document from the sender, then it may not be legit. Unless you’re 110% positive it’s from a trusted sender, delete it and don't look back.
- Back up your files. You never know when you’ll need to restore your computer back to factory settings.
- Activate two-factor authentication on accounts that support it. This provides additional protection if your password is compromised.
- Never share personal, sensitive or account information over email. This includes passwords, bank account numbers, social security numbers, etc.
Interested in finding out how gullible your employees are? Connect with us to put them to the test. We'll help you implement KnowBe4, a powerful security awareness training program. This service is valuable, and highly recommended by us at HawkPoint.
According to KnowBe4, 91% of successful data breaches started with spear phishing attacks.
"We recently recommended KnowBe4 to a few of our clients, and we’re hearing great feedback about the effectiveness of this program," Mike said. "Your employees are a line of defense, and it's important to invest in their security training."
Oops, I clicked a bad link, now what?
You may have clicked a link by accident, or you were fooled into thinking it was legit. It happens. Some scammers are tricky and use a hyperlinked image as the body of an email, which makes accidental clicking even more likely, especially on a mobile device.
Reach out to your IT department right away if you clicked on a bad link. Trust us, they'll stop whatever they're doing and investigate.
If you’re unsure about an email you received, check with your favorite IT guy for closer inspection. If you don’t have a favorite IT guy, request a free assessment with our team!