Over the past few years, many businesses have fallen victim to email phishing, which has resulted in huge losses of both money and time.
Phishing is the term for email messages that look real but are actually fakes designed to get you to reveal passwords and other sensitive information. They typically link to websites that are almost indistinguishable from the real thing. Even the domain names can be so similar that an expert might have a hard time recognizing that they are imposter websites. As a result, many business people and professionals are wondering what measures they can put in place to stay well protected from phishing attacks.
Awareness is power
Staff may or may not know how common phishing is, and they may discount the severity of its impact. Just as phishing techniques keep changing, you need to keep learning about them from your IT professionals, so that you and your team are able to spot these emails from a distance.
Read carefully and confirm
With the current state of technology and the increasing speed of daily life, human beings are becoming less patient, which is fertile ground for phishing attacks. Read through everything before attempting to follow a link. Spelling errors are dead giveaways. Be especially wary if the link contains a downloadable file. If there’s a .zip file, Word or Excel document, or PDF attachment and you weren’t actually expecting to receive it, contact the sender through a different method (e.g. phone call or text) to ask them if they sent that message.
Also, make sure to confirm any and all requests for invoice payments or financial transactions. It’s common for phishing attacks to be long, patient processes where email activity is monitored over time to see patterns of invoices and payments and similar actions. That’s why fake requests can seem just like legitimate ones and happen at the normally scheduled times.
Type instead of clicking
Ask yourself if that request to log in to review an invoice, or to update information, makes any sense. Even if it does, it’s usually better to never click on a button of this type in an email, because the URL it points to is likely hidden from view. When the URL is visible, it’s not always easy to tell if it’s legitimate because mailing list services modify the address for tracking purposes. So instead of clicking the button, type in the known domain name and log in that way, or use a bookmark if you have one set. It may be a hassle, but the inconvenience of a few keystrokes is a lot less than what the business can face if one phishing attack reveals a critical admin login that can impact the entire organization.
The biggest cyber security threat comes from employees answering a phishing email that looks legit and not realizing how it can impact the business. Your IT provider provides valuable protection in the form of firewalls and malware scanning, but it helps to train your staff to protect the business, as they are your front line of protection.