Nearly 1 in 5 users will click on a link within a
Every day, phishers send out links and people unknowingly infect their devices and systems with malware. If you have a “team” monitoring your account, the impact can be minimized. But for a lot of people the consequences are disastrous. Do you know what to look for?
According to a 2015 Verizon report, over 20% of people will click on a phishing email. Questioning any email that seems strange is the best way to avoid being phished. Humans are trusting by nature and phishers and other scammers rely on that to take advantage of people. Do you feel like something is off? Do you wonder why a company would email out this type of message? If anything feels off you need to check a few different things to ensure you are safe.
Best Practices to Evade Phishing Attacks
- Be aware of email requests with high urgency that ask you to take quick action. Phishers often prey on employee trust and will spoof executives to get you to comply with high urgency actions like wiring large amounts of money ASAP. Or in my case, losing my matching benefits if I didn’t immediately comply. As a rule of thumb, if you are ever in doubt, double-check the request with the sender either by phone or by composing a new email—never reply to the email itself.
- Never give sensitive personal or financial information over email. Trusted parties will never ask you for personal or financial information through email (e.g., social security numbers, account numbers, credit card numbers, passwords, etc.). Be cautious of emails that ask you to call a phone number to update your account information as well.
- Don’t click on links from messages that contain misspellings. If an email from a well-known company is formatted badly, has obvious misspellings or is unrelated to the product or company, this is a red flag.
- If an offer seems too good to be true, it probably is. Offers of big bonuses, large payments or gifts (e.g., win a free iPad) are ways attackers try to get inside your head. If the promise is “too good to be true,” do some research into the individual or company before taking action.
- Think about whether you initiated the action. Phishers will try to spoof well-known companies to get you to reset your password, update your account or track a shipment. Always be suspicious of unsolicited email: if you didn’t request a password reset, don’t click the link.
- Be careful about what you post publicly to social networking sites. If your social networking profile is public, avoid sharing birthdays, kids’ names, or detailed business information, because attackers will use it to get clues about what your passwords might be.
- Stay educated on tactics used by attackers. Currently, these attacks look like urgent emails coming from a boss or colleague, and attachments tend to look like a voicemail, fax or shipment tracking slip.
- Don’t send or store passwords in email. Attackers that get access to your email account will search for anything of value, and passwords are a high-value target.
- Act quickly. If you accidentally click on a link or think that you have been phished, talk to your IT department, put a stop on a wire transfer or alert other people in the organization – immediately.
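Several of the practices above (spoofed senders, links whose text says one thing and whose target says another, urgent language, requests for sensitive data, and lure-style attachments) are mechanical enough that a mail or IT team can script them as a first-pass triage before a human looks at a reported message. The Python below is an added example, not code from the original post or from any vendor product: the indicator terms, the risky-extension list, the hostnames and both sample messages are constructed for illustration, and a real deployment would tune the lists against its own mail.

```python
"""Heuristic phishing-indicator triage over a raw RFC 822 message (illustrative, not vetted rules)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed indicator lists for the demo; tune these against your own mail.
URGENCY_TERMS = ("immediately", "asap", "urgent", "right away", "within 24 hours")
SENSITIVE_TERMS = ("password", "social security", "account number", "credit card", "wire transfer")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta", ".htm", ".html", ".lnk", ".iso")
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


class LinkExtractor(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def host_of(url):
    """Lower-cased hostname of a URL, or ''."""
    return (urlparse(url).hostname or "").lower()


def phishing_indicators(raw_message):
    """Return the list of indicator tags found in a raw message string."""
    msg = message_from_string(raw_message)
    findings = []

    # Display-name spoofing: the name shows one address, the real sender is another.
    display_name, real_addr = parseaddr(msg.get("From", ""))
    claimed = re.search(r"[\w.+-]+@([\w.-]+)", display_name)
    if claimed and claimed.group(1).lower() != real_addr.rpartition("@")[2].lower():
        findings.append("from-display-name-domain-mismatch")

    # Replies quietly diverted to a different domain than the visible sender.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != domain_of(msg.get("From")):
        findings.append("reply-to-domain-mismatch")

    text = msg.get("Subject", "") + "\n"
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        if filename:
            # Lure-style attachments (voicemail, fax, tracking slip) with executable endings.
            if filename.lower().endswith(RISKY_EXTENSIONS):
                findings.append(f"risky-attachment:{filename}")
            continue
        text += body + "\n"
        if part.get_content_type() == "text/html":
            extractor = LinkExtractor()
            extractor.feed(body)
            for anchor, href in extractor.links:
                # Link text names one host while the href actually goes elsewhere.
                shown = HOST_RE.search(anchor)
                if shown and shown.group(1).lower() != host_of(href):
                    findings.append(f"link-text-host-mismatch:{shown.group(1).lower()}->{host_of(href)}")

    lowered = text.lower()
    if any(term in lowered for term in URGENCY_TERMS):
        findings.append("urgency-language")
    if any(term in lowered for term in SENSITIVE_TERMS):
        findings.append("requests-sensitive-data")
    return findings


# Constructed sample: an executive-impersonation lure with a spoofed display name,
# a diverted Reply-To, a deceptive link and a voicemail-themed executable attachment.
SAMPLE_PHISH = """\
From: "Dana Lee ceo@example.com" <ceo@examp1e-mail.test>
Reply-To: finance-desk@replies-examp1e.test
To: employee@example.com
Subject: URGENT: confirm your matching benefits today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your matching benefits will lapse unless you confirm immediately.</p>
<p><a href="http://login.examp1e-mail.test/verify">https://benefits.example.com/verify</a></p>
<p>Reply with your account number so we can process the wire transfer.</p>
--b1
Content-Type: application/octet-stream; name="voicemail_0412.wav.exe"
Content-Disposition: attachment; filename="voicemail_0412.wav.exe"

MZ...
--b1--
"""

# Constructed sample: a routine internal notice that trips none of the checks.
SAMPLE_BENIGN = """\
From: "Payroll Team" <payroll@example.com>
To: employee@example.com
Subject: Q3 benefits statement is available
Content-Type: text/plain; charset="utf-8"

Your quarterly statement is ready in the HR portal. No action is required.
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, phishing_indicators(sample))
```

Each tag maps to one of the practices in the list: the sender and Reply-To checks catch executive spoofing, the link check catches a href that does not match what the user sees, and the term lists flag urgency and requests for data a trusted party would never ask for by email. Treat the output as a prioritisation aid for the person who reviews reported mail, not as a verdict; keyword lists are easy for an attacker to avoid, so the structural checks (sender, Reply-To, link, attachment) carry more weight than the wording ones.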
The ultimate cautionary tale: whaling can cost companies millions. And sadly, the news is full of stories of executives (and other employees) falling for phishing emails.
Could your company be next?
- Educate your users and executives
- Deploy comprehensive protection and protect your “attack surface”
- Plan for the worst case scenario