Phishing scams are a hacker’s favorite tools. Phishing is a cyber-attack through email or a malicious website that is designed to collect usernames and passwords to steal important documents or customer account information.
These scams may look like they’re from a friend, family or even a boss. With available email tools that feature a name, how often do you check the actual email address that the message was actually sent from?
A phishing scam comes in two forms. One scam might just ask for information such as a supervisor emailing an employee for a list of employee files. In this situation, the supervisor would be a scam artist pretending to be a real person. The information that they get may not be sensitive, but it allows for the hacker to plan their next step.
The other form of phishing scam is to post as a company or website where the user has an account. The email directs them to a website, but once the user clicks the prompt, they’re directed to a fake site that is posing as a real one.
A phishing scam might be trying to get private information from an employee, and it is not connected to your company. Or it could be trying to find a way past your security defenses of your company.
Today’s cybercrime industry is very organized and the one sending the phishing emails, may not be the hacker in question. Hacking groups can have several different positions; one could be an expert at probing security defenses, another an expert in long-term hacks. That is only a couple of examples, the same way your company has specialized roles, so does theirs.
Here are some guidelines to help employees be smart about phishing e-mails:
1. Train your employees to be suspicious of any email that asks for personal information – regardless of it’s their own or someone else’s.
2. Make sure employees immediately update their browser and antivirus.
3. Make sure your antivirus includes phishing protection.
4. Look for signs of forgery, things like strange formatting and spelling mistakes that seem unusual of the sender.
5. Never provide personal information via email. If it appears to be from a boss or co-worker, check the source and make sure the source is correct. An employee can always double-check that their boss or co-worker really sent them the message by simply asking them.
6. Make sure when entering personal information online, that the URL begins with “https://” and that the URL is spelled correctly. Make sure that a lock icon appears beside the URL. You can click on this to see the website’s security certificate.
7. Report any suspicious messaging as phishing scams. If they’re directly related to your company, make sure they are given to IT. If your IT department sees a pattern of phishing attempts, they may be able to identify where it all began.
One of the best solutions is to use a platform like Microsoft Office 365. Microsoft collects information regarding cyber-attacks from a wide range of users; they can forecast and guard against potential threats. It’s one major advantage of going with a big company.
When migrating to Office 365, it is important to run a health check beforehand to make sure that all software is compatible, and workstations, servers, and devices are reviewed, and that your system is ready for a smooth transition to a more secure platform.