Almost everyone at one point or another has looked at an email and wondered if it was legitimate. And for good reason. In 2020, financially motivated breaches rose to 86% of all attacks, up from 71% last year, and 22% of these breaches were due to phishing.
So, what exactly is phishing, and how do you and your business protect against it? Phishing is the sending of fraudulent emails to obtain personal or secure information such as account numbers, credit card information or security codes. Phishing emails are difficult to detect, and they are getting more sophisticated every day. Once you click on a link or open an attachment, it's often too late. But there are ways to identify a phishing email and steer clear.
The critical thing to understand is that the bad actors are becoming very sophisticated in how they approach corporations, in particular. They will often infiltrate a company's email system to learn the company hierarchy and who employees communicate with frequently (including customers). They then spoof an email (i.e. mimic an internal or external party) and send it to selected targets to request sensitive information, payments or password resets, or simply to get the user to open a malware-infested document or link.
The most important step is to stop and think before you click. When you see an email that raises suspicion, ask yourself:
- Have I ever been asked for this information before?
- Given what I know about the person who sent the message, does this sound like them? Is it something they would say or request?
- Would a person/company ask me this?
- Is there consistency within the email?
- Is there correct grammar, spelling, etc.?
- Is there an attachment that I wasn't expecting?
If it contains a link or a document and you were not expecting it, do NOT open it without verifying the legitimacy of the link/document with the person that you think sent it. Call or message the contact, or email them (a new email), to validate that they sent you the email. Be aware that the bad actors will respond to replies to a phishing email; therefore, use another means to communicate with the person who you think may have sent the message.
By taking these few simple precautions, we’re confident you can stay out of the net!
Need help or guidance in putting a security program in place to help mitigate phishing and cyberattacks on your employees? Reach out to us today.