With every cyber attack, it becomes increasingly clear that no one is safe from data breaches or cyber extortion. Whether you are an employer that stores proprietary data or an individual with financial and personal information at risk, hackers won’t rest until they have what’s yours. And their tactics continue to evolve.
Cyber criminals have a variety of tools and techniques at their disposal, including malware, ransomware and disrupted denial-of-service attacks. One of the most common and difficult-to-spot strategies hackers use is phishing scams, which require minimal technical know-how and can be deployed from anywhere in the world via a simple email.
In broad terms, phishing is a method cyber criminals use to gather personal information. In these scams, phishers send an email or direct users to fraudulent websites, asking victims to provide sensitive information. These emails and websites are designed to look legitimate and trick individuals into providing credit card numbers, account numbers, passwords, usernames or other sensitive information.
With every opened email, users risk becoming the victim of monetary loss, credit card fraud and identity theft. What’s more, successful phishing attacks oftentimes go unnoticed, which increases the risk of large and continued losses, particularly for businesses.
Even in the face of highly funded cyber security measures, phishing scams can be financially devastating. In one example, tech giants Facebook and Google were phished for over $100 million each, proving that protection from online scammers doesn’t come easy—even for Fortune 500 companies.
Phishing is becoming more sophisticated by the day, and it’s more important than ever to understand the different types of attacks, how to identify them and preventive measures you can implement to keep yourself safe.
The following are some other tips to avoid becoming the victim of a phishing scheme:
- Be overly cautious of suspicious emails, deleting them immediately. Be particularly wary of emails that:
- Come from unrecognized senders
- Ask you to confirm personal or financial information
- Aren’t personalized
- Are vague
- Include threating, frightening and persuasive language
- Never enter personal information or click links in a pop-up screen.
- Avoid emailing personal or financial information, even if you think you know the sender.
- Hover over and triple-check the address of any links before you click them.
- Avoid replying to the sender if you suspect an email is malicious. If you recognize the individual or company sending the suspicious email, follow up with them offline to ensure they meant to contact you.
- Report the attack to your employer and the FBI’s Internet Crime Complaint Center.
- Verify a website’s security. Legitimate websites will have a URL that begins with https, and you should see a closed lock icon somewhere near the address bar.
- Review your online accounts regularly and use different passwords for each one. Most importantly, review your bank and credit card statements to ensure that all transactions are authorized.
- Keep your browser up to date and use firewalls.
- Run anti-virus and anti-malware software on a regular basis. Reputable venders include McAfee, Symantec, Malwarebytes and Avast.
Additional considerations for employers
While the above prevention tips are important, there are additional concerns for employers. A company could have the most top-of-the-line cyber security measures and still fall victim to phishers. Just one employee opening a malicious email can compromise an entire network. To protect themselves, businesses need to do the following:
- Implement a data protection program. Train employees on common phishing scams and other cyber security concerns. Provide real-world examples during training to help them better understand what to look for.
- Segment networks if possible, keeping sensitive information separate. This can help prevent the loss of an entire network should one employee fall victim to a phishing attack.
- Filter emails and websites.
- Have employees use unique usernames and passwords. In instances where employees share credentials, hackers can cause major damage to your business simply by compromising one employee.
Get informed and stay protected
Cyber attacks, including phishing schemes, aren’t going away. In fact, they’re becoming more sophisticated. It’s no longer enough to simply install anti-virus and anti-malware software. To truly protect yourself, it’s crucial to stay informed on the most recent cyber attacks and up-to-date protection strategies.
In addition to providing risk management tips for both employers and individuals, Lacher can help keep you informed on the biggest happenings in cyber security. Contact us today to learn more ways to stay cyber safe.