The threat to your business’s cyber security and data privacy can literally keep you up at night. With cyber threats continuing to rise year after year, it is hard to stay up on the latest threats and scams. Cyber attacks usually begin with spear phishing. Educating yourself and your employees can be one of the best ways to protect your business from phishing and spear phishing attacks.
What is Phishing?
Phishing is a targeted online attack to steal confidential information. It is usually aimed towards the masses and is extremely difficult to detect. Phishing is most likely to happen when an attacker sends a fraudulent email to trick an employee into believing that the email was sent from a reputable source. The hope is that the recipient will give up personal information such as emails, passwords, login credentials or credit card information that the attacker can use against them. Spear Phishing is another form of attack where attackers often disguise themselves as a trustworthy source and make contact with their target via email, social media, phone calls (often called “vishing” for voice-phishing), and even text messages (often called “smishing” for SMS-phishing).
End users really are the weak link in IT security and cyber criminals know this. Attackers are targeting the most difficult vulnerability to protect, your employees. It only takes one successfully phished employee to compromise your entire network, potentially exposing the private, sensitive data of all your clients. Most organizations do not sufficiently test their users’ security awareness to determine which are most susceptible to interacting with malicious content.
What can you do to protect yourself as a business owner? Here are several ways to not only spot Phishing Attacks, but protect yourself from them.
How to Spot Phishing Attacks
Here are 6 ways you can spot a potential phishing attack:
- Generic greetings: The opening lines of phishing emails are often very vague and general in nature. If the email doesn’t sound like it should have come from the source, this is a red flag.
- Typos or Poor Grammar: A poorly written email is less likely to have come from a legitimate company. In addition, do not be tricked if the email happens to include a legitimate-looking logo.
- Urgency: Phishing emails often sound alarmist, trying to scare you into taking action (and sharing your information) immediately.
- Fake Links: Phishing emails routinely obscure the URL addresses, and instead take you to an unsecured site where your sensitive data is solicited. To see exactly where a link will take you, simply hover over it. If in doubt, don’t click it. Instead, open a new browser session and manually enter the address (i.e., don’t copy and paste) you want to visit.
- Attachments: Delivered via email attachments, malware that is executed (i.e., the attachment is opened) allows a hacker to exploit vulnerabilities on your computer. Never open an attachment unless you are sure it is legitimate, safe and expected. Be cautious with any unexpected invoices from companies you’re not familiar with, as attachments might contain malware that installs upon opening.
- Spoofed Sender: A hacker will try to impersonate someone you’d normally trust (e.g., coworker, bank, government agency) in an effort to get you to let your guard down.
How to Protect Yourself
Here are eight effective ways we have found to protect you and your company from phishing attacks:
- Use a Quality Spam Filter – Set up an email filter to help determine which emails are spam and which are not. Spam isn’t going away any time soon. It is a billion dollar business. If you have a quality filter in place, it can help you detect malicious emails before they hit your inbox.
- Use a Pass Phrase – Make sure you are not using the same password on all of your accounts. It is best to use the first letters of a pass phrase that only you would know. Make sure you don’t use names of kids, pets, or hobbies that a potential hacker could guess about you by visiting your online social accounts. Pass phrases have been proven to be one of the best methods to keep your login credentials safe.
- Avoid Sharing Personal Information Online – What type of information are you posting on the internet? Make sure that your privacy settings are set up correctly so you aren’t sharing too much information about yourself online.
- Update your Software – When your software has an update, it is important to make sure you update it right away. A lot of the programs we all use have security updates that will help keep you safe. Working with the right MSP can take the headache out of remembering when to update your software. At Protek it is our job to make sure your programs are up to date so you are protected.
- Use Logic When Opening Emails – If you ever have a doubt if an email is legitimate, ask a colleague or friend. Hover over the URL to make sure it is really from the right source. When in doubt, go directly to the site from where the email is coming and log in that way.
- Implement a Data Protection Plan – If you haven’t set up a data security plan for your company, this should be a high priority. Making sure you have the right software and tools in place can save you tons of money against cyber attacks. Hold an employee awareness training to educate your team on ways they can not only identify an attack, but ways they can prevent it from happening and ensure everyone is using the internet safely.
The best way to protect yourself from phishing threats, according to SonicWall, is to recognize and avoid these common phishing tactics. By following these simple steps and contacting your MSP provider, you can make sure you are one step ahead of the bad guys when it comes to cyber attacks. If you have any questions about cyber security and how you can create a cyber security plan to avoid phishing attacks, contact us at www.proteksupport.com or 801.290.0362.