There’s no question that digital safety and data security are serious concerns for everyone these days. Businesses big and small simply cannot survive without some kind of security program in place.
While some of the more common cyber attacks include viruses, malware and ransomware — the latter being particularly buzz-worthy these days — there’s one staple that poses an even bigger challenge: phishing.
What Is Phishing and Why Is It So Dangerous?
You’re probably well aware of the basics of phishing and similar attacks. It’s where an attacker or thief will pose as a legitimate contact or source with the intent to gather sensitive information from you. But what makes it particularly dangerous — and common — is that it has evolved into many different forms.
Some of the earlier phishing attacks were exclusively carried out via email. Thieves would send an email from a fake address, usually designed to look legitimate in some way. The email itself would be a near-clone of official communications, complete with titles, logos and more. The nastiest attacks might involve something like PayPal, with thieves directing vulnerable users to a mockup portal where they’d enter account information and passwords, thinking they’re logging in to the service. Instead, the thieves simply capture the information, tap into the account and carry out their nefarious schemes.
But we’re way beyond that now. Phishing emails do still happen, and often, but attackers use a variety of more sophisticated methods to trick people. Where it can cause the most damage, especially for businesses, is when employees and company partners are tricked into providing proprietary information or access to systems.
How to Avoid Phishing Scams
Luckily, there are a few ways to protect yourself and your team from potential phishing scams, and they’re all relatively easy to execute. Here are some ways to spot potential scams, as well as avoid them altogether:
1. Always Travel Direct
Never follow a URL embedded in an email, on unknown sites or even included in local documents — especially if you’re visiting a portal that asks for credentials or personal information. Instead, go directly to the site in question. For example, don’t follow a PayPal link included in an email. Go right to the official site instead.
2. Check the URL
Most phishing sites or portals will try to imitate the official channel in some way, but there’s no way to get an identical URL. Look for small discrepancies or things that don’t make sense. If the URL doesn’t match up with the site you’re visiting, proceed with caution. This works for spotting phishing emails, too. Check the “From” field to see if the address matches up with an official contact or URL.
3. Mind the Grammar
A large majority of phishing attacks come from foreign parties who do not practice English as their primary language. Even domestic attacks are often carried out by people who have no grasp on the written word. Look for grammatical errors, misspellings and even factual mistakes. If a “contact” is asking for your password via email, but the company they “work for” clearly says on their website that they never do this, you know something is up.
4. Stay Private
Never share your personal information with an entity or contact you do not trust. More importantly, never share passwords and accounts, don’t save financial details, and always double-check who you’re talking to.
5. If It’s Too Good to Be True…
Many phishing scams play on the desire to get a good deal, have some kind of positive experience or get lucky. If something seems too good to be true, that’s almost always the case. The scam emails that promise to send you millions are more of a running joke these days, but they’re still a legitimate form of phishing. Smarter attacks will use a variation on this theme to prey on your credulity.
6. Don’t Be Intimidated
Some attackers will try to use your fear against you to achieve their mission. They might threaten you with a “pay decrease” or a “fine” if you don’t exchange the information they want. It’s particularly troubling when they imitate someone that matters, such as a company CEO or even a representative of the company you work for.
With a bit of forward-thinking and vigilance, you can avoid being harmed by potential scams. It’s also important to share these strategies with your fellow colleagues and teammates, as awareness helps prevent the problem before it begins.
The more you and your peers know, the better you can protect your personal information and, by proxy, the business you manage or work for.
*** This is a Security Bloggers Network syndicated blog from CCSI authored by Guest Author. Read the original post at: https://www.ccsinet.com/blog/in-2019-dont-forget-about-phishing/