Phishing scams have been around for decades and are still used for one simple reason: they work! Scammers use spam emails or messages to entice users into clicking infected links where they share their emails and passwords. That’s all it takes to steal your private information. Believe it or not, almost one-third of employees still fall for phishing emails!
Why is this? Are savvy hackers creating more convincing phishing emails? Or are too many employees simply being negligent when it comes to cyber security protocol? Whatever the reason, it’s important to understand the risk phishing scams pose to your business and private security.
Don’t Get Hooked: How to Detect a Phishing Scam
Phishing scams are essentially a two-part process: first, the spam email, text or social media message that grabs your attention, and second, the bogus login page used to steal your sign-in information. Before we get started, it’s important to say that if you have even the slightest inkling that you are being spoofed, do not sign in! The best thing you can do is to shut down your browser and type the intended URL yourself.
“URGENT Action Required”: Fraudsters want to get your personal information, so they will often include eye-catching subject lines and calls to action to get you to share your password. Look out for vague and bogus warnings like “your account needs immediate attention” or “your account has been compromised.” Legitimate sites and services are well aware of phishing scams, so they won’t ask you to share your personal information via email or redirect you to a sign-in page via an email link.
Generic Greetings: Phishing scams are generally sent on a massive scale. If you want to catch more phish, you’re going to cast a bigger net. In doing so, spammers will usually label their messages as “Dear Valued Customer” or “To Our Members.” Of course, this isn’t the only way hackers snare users. More advanced spear phishing scams target a single user and sometimes send spam from a coworker’s hacked email account.
Listen to Your Gut: Be on the lookout for other telltale signs such as spelling errors, botched corporate logos, unrealistic promises or threats, or anything just plain fishy. Use your head. A bank will not close your account because you didn’t respond to an email nor will you be awarded big bucks for sharing your password on an online form. Stay suspicious and stay safe.
Educate Your Employees: Businesses are often the target of cyber criminals because they hold a significant amount of data including financial records. By educating your employees you can greatly reduce the chances of infiltration at your organization. Encourage your employees to ask questions and report any suspicious emails or account activity.
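A rough triage helper for reported messages, added here as an example that is not part of the original article: it checks a raw email for the warning signs listed above, namely the urgent wording, the generic greetings, and a link to a sign-in page. The function name, the login-style URL pattern and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Wording quoted in the article; extend these tuples for your own mail flow.
URGENT = ("urgent action required", "your account needs immediate attention",
          "your account has been compromised")
GENERIC = ("dear valued customer", "to our members")
# Assumption: a URL containing a login-style word points at a sign-in page.
SIGNIN_URL = re.compile(r"https?://\S*(?:login|signin|sign-in)\S*", re.I)

def triage(raw_email):
    """Return the warning signs found in one reported message, in a fixed order."""
    msg = message_from_string(raw_email, policy=policy.default)
    subject = str(msg.get("Subject", "")).lower()
    # get_content() undoes base64/quoted-printable, so encoded bodies are covered.
    body = "\n".join(part.get_content() for part in msg.walk()
                     if part.get_content_maintype() == "text")
    # Collapse whitespace so a phrase wrapped across lines still matches.
    text = " ".join((subject + " " + body).lower().split())
    signs = []
    if any(phrase in text for phrase in URGENT):
        signs.append("urgent-wording")
    if any(phrase in text for phrase in GENERIC):
        signs.append("generic-greeting")
    if SIGNIN_URL.search(body):
        signs.append("sign-in-link")
    return signs

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: Support <support@bank.example>
Subject: URGENT Action Required
Content-Type: text/plain; charset=utf-8

Dear Valued Customer,

Your account has been compromised. Sign in within 24 hours:
http://bank.example.invalid/login?session=1
"""
SAMPLE_OK = """\
From: Alice <alice@corp.example>
Subject: Lunch on Thursday
Content-Type: text/plain; charset=utf-8

Hi Sam, are you free for lunch on Thursday? The usual place at noon.
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("ok", SAMPLE_OK)):
        print(name, triage(raw))
```

A hit is a reason to look closer, not a verdict: spear phishing sent from a coworker’s hacked account, as described above, can carry none of these signs.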
What Are the Risks?
Once cyber crooks have you on the hook, they will use your personal information to empty your bank accounts, charge your credit cards, sell your information on the dark web, commit identity theft, spread spam emails and malware, or even lock you out of your own accounts until you pay a ransom.
The personal information gathered through phishing scams can also be used in an automated web attack. For example, credential stuffing is an automated web attack that uses stolen username and password pairs to gain access to someone else’s account. If you reuse passwords for multiple online services, you are opening yourself up to hacker infiltration on a number of sites and accounts.
Thankfully, you can protect yourself against phishing and automated web attacks by following a few simple rules:
- Avoid opening emails, downloads and links from people you do not know well.
- Use stronger password practices.
- Avoid sharing your information via email, pop-ups or suspicious sign-in pages.
Follow these rules and you can avoid phishing scams while you surf the web.