New phishing scams plague businesses every single day. And spear-phishing campaigns are becoming increasingly sophisticated.
Phishing is more than just the obvious scams you find in your spam folder. And even if something does get through, surely everyone knows that poorly written emails asking for your bank account info or passwords are scams. Right?
If phishing were that simple, it would be extinct. But that’s not the case. Phishing seems to be getting more effective. Some of 2016’s most noteworthy attacks were the result of relatively basic phishing scams.
Even if your business endpoint protection and “conventional wisdom” catch 99 percent of what gets thrown at you, the remaining one percent is more than enough to ruin your day, week, quarter, or year.
Safe to say that security products are a big part of the puzzle. But awareness is needed to complete the picture – especially amongst the people most likely to be targeted: management, HR and staff who receive numerous emails from outside the company.
Here are a few tips you can use to help keep the phishers out of your business.
What’s going on with the domain?
Phishing emails typically either have a malicious attachment or direct users toward a malicious website. If you’re sent a link, you can check it by simply hovering your cursor over it for a moment so the URL shows up. Treat any strange characters or other anomalies in the URL as a red flag.
Is the sender a real person?
Another thing to consider is whether or not the person’s identity is real. A quick Google search should help you find any social media profiles they might have. Depending on what information you have about the person (for example, their profession, their location, etc.), you may or may not be able to verify that the person is real. If you don’t get a good solid result, consider it a red flag and delete the email.
If the sender is a real person, are they who they say they are?
If you’re able to find some social media profiles, you need to consider whether the email is actually from the person.
Always double check the “from” field. Spear-phishers often trick email clients by setting the “reply-to” field in an email. So if you get an email from someone that doesn’t match their regular address (even if you know the person or have them in your address book), treat it with suspicion.
Now, these aren’t foolproof. Sometimes you’ll get a message from someone claiming you have a mutual acquaintance, asking you to confirm some information or something of that nature.
It might sound paranoid to some, but it’s better to err on the side of caution and try applying some of this advice to anything that just “feels wrong.”
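The “reply-to” and link checks described above can also be run automatically on a saved message. The following Python is an added example, not part of the original article; the sample message, its addresses and hostnames, and the function names are constructed for illustration, and the checks are heuristics that can also flag legitimate mail.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name, address and hostname is a placeholder.
SAMPLE = """From: "Alex Example" <alex@example.com>
Reply-To: alex@example-payments.test
Content-Type: text/html; charset="utf-8"

<a href="http://xn--exmple-cua.test/login">https://example.com/invoice</a>
"""

class LinkCollector(HTMLParser):  # collects [href, visible text] per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(url):
    try:
        return (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. an unbalanced "[" in the host
        return ""
def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_message(raw):
    msg, findings, parser = message_from_string(raw), [], LinkCollector()
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply and reply != sender:  # replies would go somewhere other than "from"
        findings.append(f"reply-to domain {reply} differs from sender domain {sender}")
    for part in msg.walk():  # handles single-part and multipart messages
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        host = host_of(href)
        if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
            findings.append(f"link host {host} has non-ASCII or punycode labels")
        if "://" in text and host_of(text) != host:  # what hovering would reveal
            findings.append(f"link text shows {host_of(text)} but points to {host}")
    return findings
```

Calling `check_message(SAMPLE)` returns one finding for each of the three red flags; a message whose reply-to matches the sender and whose links point where their text says returns an empty list.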
Talk to Total Computer Technology to work out the best security solution for your business.