Phishing Attacks are on the Rise
Over the past few months, Fully Managed has been monitoring the increase in phishing attacks being reported across multiple industry channels. As attacks become more prevalent, it's important to understand the problem, know what to look for, and educate your team on how to prevent an attack on your business.
What is Phishing?
Like most cybersecurity threats, phishing emails, websites, and phone calls are designed to steal money. Typically, phishing schemes begin when cybercriminals attempt to send an email that appears to be from an actual contact ("spoofing"). The emails will often request personal information or money transfers, or include a link for the recipient to click to "confirm your account".
Unfortunately, those links are monitored by the criminals to gather your information in order to access your accounts and manipulate people in your network.
Cybercriminals also use social engineering by pretending to be CEOs or friends and relatives in an attempt to convince you to install malicious software, hand over your personal information, or wire money under false pretenses. Phishing attacks can come from a number of sources — emails, phone calls, and websites are just a few examples.
Why are Phishing attacks on the rise?
As more and more people rely on electronic communication for their day-to-day operations, there is a better chance that emails will be opened and links will be clicked without proper inspection of the message itself. This allows the criminals into your network and from there they are likely to attack more people.
3 things you can do to protect your business:
- Check the sender, then check it again.
Be diligent in checking the name and domain that emails are coming from. Reputable companies will send from @companyname.com not @companyyname.com. (Did you notice the extra 'y' in the second example? Phishing is usually very subtle.)
Also be wary of links within emails. Never click a link without knowing who sent it to you and where the link goes!
- Beware of anything 'fishy'. (No pun intended.)
If the email seems strange, it probably is. For example, banks, vendors, and other reputable companies will never ask you to reply to an email with sensitive account information. If you are being asked to wire or transfer money, proceed with caution! Do you know what the money is for? Is there an Invoice, PO or documentation for products and services that you recognize? When in doubt, seek a second opinion before doing anything.
And remember, large companies like Microsoft, Google, and Amazon will never send an email with typos or grammatical errors, and they will never send an email threatening to delete your account if you don't take action right away.
- Report phishing attempts immediately, even if you already clicked.
Despite being vigilant, it is still possible to click on a phishing email. When this happens, users are often too embarrassed or afraid of repercussions to come forward. Keeping phishing attempts a secret puts the rest of your organization at risk. Seek assistance immediately if you encounter a phishing attempt, whether you clicked on a link or not.
Fully Managed clients can Contact Support 24 hours a day, 7 days a week for help.
If you have questions regarding phishing attacks, or want to learn more about Fully Managed Security Solutions, Contact Us today.