What is Phishing?
Phishing is a method that hackers use to gather a person's personal information through deceptive emails and websites. To do this, a hacker sends an email that appears to come from someone at a reputable company or from a familiar contact. The email will usually contain a request or a link that the hacker has made to look like a legitimate website, to get you to click on it. The website will ask you to “log in” or provide personal information. The login credentials and personal information are then captured, and the hacker can begin to use the information they gathered to gain access to your company servers, resources, applications, and more.
Stay Alert When Answering Your Emails
Phishing emails are becoming more common, especially with people in remote work environments. Getting virtual requests from your colleagues is becoming the norm, and such requests are much less suspicious than they would have been if you were all sitting in the office together. For this reason, it is extremely important that you are on high alert and do not give out personal or sensitive information through email. Most phishing scams will request confidential information such as passcodes, social security numbers, credit card information, etc. If you notice this type of request, make sure you check where the email was sent from and get confirmation that it is legitimate.
How to Protect Against Phishing?
Check the Email Source:
A phishing message will usually appear to be sent from a recognizable name, but looking at the actual address it was sent from (by hovering over the name) will reveal whether it is real. Many times, the name and address do not match when it is a phishing message.
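The same name-versus-address check can be automated in a mail triage script. The Python below is an added example, not part of the original article; the KNOWN_SENDERS directory, the function names and the sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed directory (an assumption): display names your organization
# recognizes, mapped to the domains those senders legitimately use.
KNOWN_SENDERS = {
    "example bank": {"examplebank.test"},
    "jane doe": {"corp.test"},
}
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def in_domain(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def sender_findings(from_header, known=KNOWN_SENDERS):
    """Return reasons the display name and the real address disagree."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable sender address"]
    domain = addr.rsplit("@", 1)[1].lower()
    findings = []
    # The display name shows an address on a different domain than the real one.
    shown = ADDR_IN_NAME.search(name)
    if shown and not in_domain(domain, {shown.group(1).lower()}):
        findings.append(f"name shows {shown.group(1)} but mail is from {domain}")
    # A recognized name arrives from a domain that sender does not use.
    allowed = known.get(name.strip().lower())
    if allowed and not in_domain(domain, allowed):
        findings.append(f"'{name}' normally sends from {sorted(allowed)}, not {domain}")
    return findings

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Example Bank" <alerts@mail.examplebank.test>',
    '"Example Bank" <alerts@examplebank.test.login-check.invalid>',
    '"billing@examplebank.test" <x91@mailer.invalid>',
    '"Jane Doe" <jane.doe@freemail.invalid>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", sender_findings(header) or "name and address agree")
```

The second sample shows why the domain is compared from the right-hand end: an address whose domain merely starts with a trusted name is still flagged.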
Avoid Requests for Confidential or Personal Information:
You should always be on high alert if you receive an email that requests personal information such as social security numbers, credit card information, phone numbers, usernames, passwords, etc. Phishing emails often contain deceptive messages that will urge you to enter or provide this type of information.
DO NOT CLICK ON LINKS:
Phishing emails can contain links that will bring you to a fraudulent website that may look identical to one you use every day. Once clicked on or visited, the site can give hackers access to confidential information. You should type the website address into your browser and conduct your activities that way instead of clicking on the link in emails.
Be careful opening emails that contain:
- Gift promotions
- Similar interfaces to a well-known site
- Too-good-to-be-true rewards
- Messages requesting money (or gift cards!)
Have all team members go through cyber security training monthly and conduct monthly simulated phishing campaigns. The training will help your team distinguish a legitimate email from a phishing email. The simulated phishing campaigns will help gauge how your team is doing at identifying phishing emails and which team members require additional training.
Protect Accounts with Multi-Factor Authentication (MFA):
MFA is the use of a secondary mode of authentication when logging into a website, application, portal, etc. You have probably used MFA if you have had a code sent to your phone and had to enter that code to access something. With MFA, if you inadvertently fall victim to a phishing attack and provide credentials, the hacker will still have to go through that second level of authentication, and you will be put on alert that there was an attempt to access your information. This will make it more difficult for the hacker to gain access to your systems.
For more information on how Usherwood can help train your users in cybersecurity risks, reach out today!