What You Need to Know About Phishing Scams
You may think you and your employees are too smart to fall for phishing scams.
You’ve done your reading, you’ve educated your team, and yet it still happens. Someone clicks a link or opens an email attachment they shouldn’t.
In phishing attacks, criminals send emails that appear to be from reputable sources. Their goal is to convince employees to reveal personal information to gain access to systems or make fraudulent transactions. They use social engineering to trick your staff into doing something they normally wouldn’t do.
What To Look For
Phishing works because it is based on an understanding of human behavior. Here, humans are the weak link. For example, someone might pose as an employee of a bank, hospital, or tech company and try to elicit personal information.
How can you defend yourself? Educate and re-educate your team about cyber-security. A single training session has proven not to have a lasting benefit. Read each email with a critical eye and watch for these warning signs:
- Generic greetings are often a giveaway. To save time, criminals often send out large batches of phishing emails and don’t customize the greeting. An email might say, “Dear Valued Customer” rather than “Dear Pat Smith.”
- Forged links that appear valid may trick the reader into visiting a website that loads malware onto their computer. Roll your mouse over the link and see if it matches what appears in the email. If there’s a discrepancy, don’t click the link.
- Requests for personal information are a warning sign. A legitimate firm will never ask for it through email or phone calls. In fact, many reputable companies will not call you unless you ask them to call.
- You get a sense of urgency. Criminals want you to act now—they don’t want you to stop and think about what you’re doing.
Four Steps to Take if You Suspect a Phishing Scam
A successful phishing scam can open your company up to data leaks and breaches. It can mean your systems are compromised and, if not addressed, can lead to the loss of customer trust. Government fines and costs to repair the damage can mount quickly, too.
Besides keeping your software up-to-date, there are practical steps you can take to protect yourself:
- Continue to educate yourself and your employees on the latest phishing scams. Don’t assume you’re too smart to fall for one.
- Develop detailed policies and procedures on what users can and can’t do. Have your team sign off stating that they understand these procedures, and remind them periodically.
- Don’t click on links that go directly to websites. Instead, type the URL into your browser’s search bar.
- Implement two-factor authentication for an extra layer of protection.
If you suspect a phishing scam has compromised your systems, don’t wait. Call us immediately at 925.827.1200.
We at Cantrell’s can help you with your cybersecurity strategy. Call or email us at firstname.lastname@example.org to schedule a cybersecurity evaluation. We can discuss your options, conduct an audit to determine your level of risk, and help you recover from a phishing attack. Call us at Cantrell’s Computer Sales & Service today.