IT Security, How to Avoid Harmful Phishing Attacks

Among the growing concerns with the COVID-19 pandemic is the growing danger to IT security, with an emphasis on phishing attacks. Cyber criminals are taking advantage of the situation, with more employees working from home.

What is Phishing?

Phishing is an attack used by cyber criminals to trick you into giving up information, clicking on a malicious link, or taking some action (e.g., wiring money). Phishing attacks come in many forms and are most commonly seen in email, but they can come through any kind of message.

A phishing message will attempt to entice you into taking an action such as clicking on a malicious link, opening an infected attachment, or responding to a scam.

In addition to generic attempts, people need to be on the lookout for Spear Phishing campaigns. These are targeted attempts in which a cyber criminal crafts the phishing message for you specifically. These emails may look like they came from a friend, be relevant to your interests, address you directly, or be tailored to you in any number of other ways.

Cyber criminals send out these messages to millions of people around the world every day, but with the COVID-19 pandemic there is a growing number of virus-specific attempts.

How to Identify a Potential Phishing Attack?

The following are a few rules to help identify phishing emails and avoid being the victim:

Check the Email Address - If the email address appears to be legitimate but the email is coming from a generic email source such as @gmail.com or @hotmail.com, it may be an attack. It is important to always check the “TO” and “CC” fields to see if the message is being sent to people you know or work with.

Be Aware of Generic Greetings - Always be leery of generic salutations like “Dear Customer” in an email. If the organization is one that you trust and they have a need to contact you, they should have your information. Ask yourself if you’re expecting an email from that company. Companies you work with won’t be asking for personal information; their records from your business should be up to date.

Grammar Matters - Watch out for grammar or spelling mistakes. Most businesses proofread their messages carefully before sending them, and poor grammar could indicate a potential threat.

Avoid “Immediate Action” - Be leery of messages that indicate that you “need to take action now” or use language that creates a sense of urgency. This is a common way to rush people into action instead of questioning the request.

Don’t Click That Link or Open That Attachment - Watch out for links that you’re not expecting. When dealing with a link in a message, hover over it to see the true destination. If it doesn’t match what’s in the email, it is an indication of an attack.

Sounds Too Good to be True - If it seems to be too good to be true, it probably is. While we all hope to win the lottery, odds are that you didn’t.

Pick up the Phone - If an email came from one of your contacts, check to see that it falls in line with what they normally send. If in question, check with the person sending the email and alert them that their company’s email may be compromised, and alert your company’s team that there may be a phishing attack on your company. When in doubt, call to confirm.

Remember, be careful and always question the emails you’re interacting with. Taking time to review, being cautious and ensuring that you’re practicing safe techniques will help keep you and your organization safe.

If you have questions or would like more information on how Century’s team is able to manage your company’s IT, e-mail us at [email protected] or contact your representative at 1-800-529-1950.