Our email inboxes are constantly under attack. 76% of organizations say they experienced phishing attacks in 2017, and those attacks have cost organizations over $600 million¹. It’s important to educate yourself (and your employees!) on the mechanics of phishing attacks so you can fend them off.
Phishing is when criminals pretend to be a valid sender or organization and attempt to steal your important information. One method phishers use to steal information is through fake emails. These emails contain links to authentic-looking websites, and attempt to lure people into revealing personal information.
According to Symantec’s 2018 Internet Security Threat Report (ISTR), over 14.5 billion phishing emails are sent every day all over the world.
So how can you avoid being a victim of these rampant phishing scams? Follow these 10 basic tips:
1. Examine Email Addresses
Email scams come well-disguised. While some are easy to spot (e.g. containing misspelled words, or odd sender names), others are deceptive and closely resemble emails sent from a valid sender. If you hover over the sender name, you can identify what address the email is coming from (see below). If you don’t know the sender, DO NOT click on any links or attachments included in the email.
2. Examine Links – Hover over links to view actual website address
Often, hackers and malware distributors try to conceal the destination of the phishing site by using hyperlinks. A hyperlink can disguise a link’s final destination (the target URL). For example, an email may say “Pay your bill immediately… click here”, or it may show what looks like a real URL, such as http://instantbillpay.org. In either case you often can’t immediately see where you will end up if you click on the link.
Similar to our first tip, it is important to hover over a link to verify the target URL before you click on it. The target URL will appear in a pop-up window, or in the bottom footer of your email client. If the URL looks fishy (no pun intended), don’t click it!
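Tips 1 and 2 both come down to comparing what an email shows you (a sender name, a link’s visible text) with what it really contains (the From address, the href target). The script below is an added example, not part of the original article: it parses a constructed sample message (the sender, hosts and URLs in it are invented placeholders) and reports the real From address plus every link whose visible text names a different host than its actual target.

```python
"""Show what hovering reveals: the real From address and each link's real target.
Added example, not from the article; the message and its hosts are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

SAMPLE_EMAIL = """\
From: "Instant Bill Pay Support" <billing@instantbillpay-secure.example>
Subject: Pay your bill immediately
Content-Type: text/html

<p>Your bill is overdue. <a href="http://pay.attacker.example/login">click here</a></p>
<p>Or visit <a href="http://pay.attacker.example/login">http://instantbillpay.org</a></p>
<p>Help: <a href="https://instantbillpay.org/help">https://instantbillpay.org/help</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(text):
    """Host named by a URL-like string, or None if the text names no host."""
    m = re.match(r"(?:[a-z][a-z0-9+.-]*://)?([^/\s:?#]+)", text.strip(), re.I)
    host = m.group(1).lower() if m else ""
    return host if re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", host) else None

def analyze(raw_email):
    """Real From name/address, and links whose visible text names another host."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg["From"])
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    mismatched = [(t, h) for t, h in collector.links
                  if host_of(t) and host_of(h) and host_of(t) != host_of(h)]
    return {"from_name": name, "from_addr": addr, "mismatched_links": mismatched}
```

Links with generic text such as “click here” are not flagged because they claim no host; those are exactly the ones a reader still has to hover over by hand.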
3. Watch for Suspicious Requests
Have you ever received an email where the sender requested your email password? Or said you elected to cancel an account (but you didn’t)? This should immediately raise a red flag – the sender could be disguised as a valid entity (such as Gmail), but is actually a hacker attempting to steal your personal information. Before you share your information, pick up the phone and call the entity to verify it is a legitimate request.
NOTE: Be careful that you call a valid phone number for that entity – some phishing emails may go so far as to list a phone number to call… we recommend locating an official support line for that entity (legitimate numbers are typically found on a company’s website).
4. Keep your computer and web browser up to date
Keeping your computer and web browser up to date helps to prevent known vulnerabilities from being exploited. If you are running a Windows device, you can easily update your computer by navigating to the Control Panel and accessing Windows Update Settings. Browsers are typically upgraded automatically, but if you need the latest version you can also download it from the browser’s website. See a few basic browser update links below:
Updating computers can be time consuming, and it is often tough to keep track of updates while handling the many other demands of your business. Hiring a full-time IT monitoring service or employee is a great way to allow yourself to focus on your customers and business.
5. Check your accounts and change passwords regularly
Phishing scams target important information like login credentials. Phishing can be elusive, and account compromises often go unnoticed. Therefore, it’s best to check your accounts regularly for any unauthorized access, and to change your passwords often.
6. Use professional antivirus software
If someone in your organization does fall victim to a phishing cyberattack, anti-malware software can help prevent the compromise from spreading across your network. Make sure this software is up to date with the latest definitions. It is also a smart idea to have someone monitor your software to ensure all updates are made quickly and effectively.
7. Count on Authenticated Sites
If you visit a website, ensure that your data is encrypted and protected. How can you know? A protected website uses SSL encryption, usually signified by a padlock located near the URL of the website. When you click on the padlock, you can see the name of the organization the SSL certificate was issued to. If the names do not match, it is probably not a safe site!
8. Update your Browser and Use Popup Blockers
NEVER click on a popup! Instead, close it from the system tray menu. It’s important to regularly update your browsers and increase your browser security settings. Browsers like Google Chrome offer add-ons that help to stop popups from appearing on your device.
9. Don’t open unknown attachments unless you know the sender and are expecting the document
Is that email attachment malware in disguise? Spear phishing is an email spoofing technique where the sender targets a specific organization and personalizes the email attack. Even if an email is addressed to your organization, or has your manager’s name on it, it could contain malware.
If you are unsure about an email’s content or source and you can’t contact the source by phone, search for the email on Google. You may find that other users have received the same email and can help you verify the email’s legitimacy.
10. Stay Informed
In the end, it all comes down to preparation and smart-clicking! If you don’t open the door for a hacker to attack, you will greatly reduce your likelihood of downloading viruses. Be aware of security-related news, consistently monitor and update your networks, and feel free to ask us experts for any advice!
Kitsap Networking Services, Inc. is a great, local choice for outsourcing your I.T. Let us handle your updates, backup, antivirus, and employee technical training… so you don’t have to!
1. “Wombat 2018 State of the Phish”
2. Phishing image courtesy of www.vecteezy.com