Protect Your Employees From Phishing Attacks

2022-03-24

With the easing of COVID restrictions we will once again have the opportunities we’ve missed like seeing friends, playing group sports, visiting family members in person, or getting back into the office. Just as it took us time to find ways of adapting throughout the pandemic, we should also expect to take some time to adjust to life after lockdown and restrictions. Everyone will adapt differently, so try not to judge what others are doing. You can only control so much, so be mindful of the things that are out of your hands. Having an action plan for managing what you might find difficult can help. Everything from how you feel about going back to the office, to how you’re feeling about being on public transport again. Start planning, and control what will make you feel more at ease.

Cybercriminals are constantly finding new ways to get around the latest defensive tools and technologies, landing themselves in the inboxes and browsers of your employees. According to Forbes, in 2021 alone, 85% of data breaches involved the human element, with 94% of malware delivered via email. These are staggering numbers, and they show that everyone is susceptible to a phishing attack.

Phishing attacks are counterfeit communications that appear to come from a trustworthy source, but which can compromise all types of data sources. Attacks can facilitate access to your online accounts and personal data, obtain permissions to modify and compromise connected systems--such as point of sale terminals and order processing systems--and in some cases hijack entire computer networks until a ransom fee is delivered.

Sometimes hackers are satisfied with getting your personal data and credit card information for financial gain. In other cases, phishing emails are sent to gather employee login information or other details for use in more malicious attacks against a few individuals or a specific company. Phishing is a type of cyber-attack that everyone should learn about in order to protect themselves and ensure email security throughout an organization.

One careless click has the potential to compromise your entire network. The slightest modification to a URL or email alias can trick you into clicking a malicious link, downloading malware, or sharing sensitive information. Phishing attempts are often generic mass messages, but the message appears to be legitimate and from a trusted source (e.g., a bank or courier company).

When checking hyperlinks: hover over the link and the destination URL will show in a pop-up window near it. Ensure that the destination URL matches the link shown in the email. Additionally, be cautious about clicking on links that have strange characters in them or are abbreviated.
Evoking a sense of panic, urgency, or curiosity is a commonly used tactic. Users are typically quick to respond to emails that indicate potential financial loss or that could result in personal or financial gain.

Emails that have an aggressive tone or claim that immediate action must be taken to avoid repercussions should be considered a potential scam. This technique is often used to scare people into giving up confidential information. Two examples of this are phishing emails telling users their critical accounts are locked or that an invoice must be paid to avoid services being suspended.

All phishing emails contain a link, but the link is not always in the body of the email. To avoid detection by email security filters, hackers will include a phishing link in an attachment, such as a PDF or Word document, rather than the body of the email. The email itself will appear to be from a legitimate business, vendor, or colleague, asking you to open the attachment and click on the link to review or update information.

This might be the most important rule – do NOT open any attachments until you are 100% sure the sender is legitimate. If the email is indeed a phishing attack, the attachment will contain malware that will expose your computer the second the document is opened. It doesn’t hurt to check with your IT team or contact the sender through an alternative channel for them to verify the attachment.

The methods the “bad guys” employ are constantly evolving to find new ways to trick you. With this rapid evolution of cyber-attacks, how can you possibly stay informed with the current trends? Thankfully, Compu-SOLVE offers monthly cyber security training through our partners at KnowBe4. The monthly security training modules focus on emerging trends to educate you and your team so you can identify current scams and methods in use by threat actors, helping you avoid falling victim to these schemes. Individualized reports are also generated based on your completed training which display your personal risk score to identify how prepared you are to handle a potential cyber risk.

Contact the Compu-SOLVE team today to learn more about our cyber security training.
