Passwords are an essential part of your business's cyber safety. If, like the rest of us, you have dozens of passwords to remember, you might take shortcuts. Taking advantage of this type of attitude is one way bad guys access your passwords.
Phishing attacks are designed to steal your credentials or trick you into installing malicious software, and they still exist because they are so devastatingly simple and effective. But as with most things they evolve over time and unfortunately become even more effective.
Just one click can be the difference between maintaining computer security and suffering massive financial losses. All it takes is just one employee to click on a link in an email for your business to be vulnerable.
Here is a list of 5 red flags that point out a potential phishing email:
1. Poor spelling and grammar
The occasional typo happens to even the best of us, but an email filled with errors (both in grammar and spelling) is a clear warning sign of a phishing attempt. Most companies push their email campaigns through multiple reviews where errors are fixed and the language is refined. Errors throughout the entire message indicate that the same level of care was not taken and therefore the message is more than likely fraudulent.
2. An offer too good to be true
Free items or a lottery win sound great, but does the offer come out of nowhere and with no catch? Then there is definitely cause for concern. Take care not to get carried away with the message and don’t click without investigating further.
3. Random sender who knows too much
Spear phishing is when an email or offer is designed and crafted especially for your business. Culprits take personal details from your public channels (Facebook, Twitter, LinkedIn and even offline documents such as annual company reports etc) and then use them against you. The only clues? The sender is unknown – they weren’t at the event or involved in any way. Take a moment to see if their story checks out. Also check the email address of the sender to confirm that it is correct and not just a similar sounding or looking address (see #4 below).
4. The URL or email address is not quite right
One of the most effective techniques used in phishing emails is to use domains which sound almost right, for example [microsoft.info.com] or [pay-pal.com]. Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text, then delete the email.
5. It asks for personal, financial or business details
Alarms should ring when a message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can initiate a check using established, trusted channels (i.e. phone the person on their known number, not one contained within the email).
While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind that your business has the best protection available.
DP Computing can help secure your business and can even organise a fake phishing attack to see if further staff training is required. Give us a call to discuss how we can help you on 08 8326 4364 or email@example.com.
As an IT expert, I get client calls and emails asking me about various emails they receive and whether that particular email is fake or real – almost all the time the emails are fake.
To help my clients and others in a similar situation I’ve put together a video that goes through some security tips on how to protect yourself from hackers and phishing attempts. The video goes through:
- First alerts of being attacked.
- How scammers and hackers try to fool you.
- How to tell if an email is fake or not.
- The Do’s and Don’ts.
- How to tell if you’ve been hacked.
- What to look for after you have been hacked.
- How to prevent and protect from hackers.
- What is 2-step and MFA?
- What to do after you’ve been hacked.
- Screenshot examples of phishing emails.
Check out the video below and leave any comments in the fields below.
Every employee shares one inescapable flaw that is putting businesses at risk – they are human.
Up to 59% of data breaches can be traced back to something an employee did or didn’t do, which helped create a security incident or cyber-attack.
To help prevent security issues, build security awareness and respect into your company culture, so that maintaining digital security becomes as simple as making a cup of coffee.
Use complex passwords: Every employee, including management and owners, needs to use an alphanumeric password that they haven’t used before. Password managers can assist with making sure they’re never forgotten.
Verify unknown identities: Not familiar with ‘Jenny from Accounting’ who has called to ask for sensitive information? Double check the caller’s identity and access permissions before releasing any information. Hackers love to play on our desire to help other people.
Encrypt by default: People regularly transfer data to a laptop, USB drive or smartphone so they can work offsite. Unfortunately this equipment can be easily stolen or lost. Set operating systems to encrypt data by default, so that it becomes useless in the wrong hands.
Protect portable devices: Laptops, mobile phones and other portable devices should always require a password and be set to auto-lock after a short period of time. Never leave them unattended in cars, buses, restrooms etc, and if travelling by plane take them on-board as carry-on luggage.
Set personal usage rules: Many businesses block productivity vacuums such as Facebook and other websites, but what are the rules regarding games, video streaming or shopping? Can users install their own software? When business devices are used for personal usage, security tends to slide, which results in unintentional malware installation. Also don’t let the employee’s spouse or children use any company device.
Educate often: People often fall into the “it won’t happen to me” mindset. As security threats change regularly, have a quick five-minute discussion once a month to remind staff that you always need to be vigilant.
Some things to discuss with staff are:
- Links in emails – Hackers often send emails that look like they are from your bank, phone company or similar. Be sure to check the link by hovering over it with your mouse. This method of attack is known as ‘phishing’.
- Tech scam popups – Be on the lookout for popups advising that your computer is infected and you need to call a phone number or download software.
- Email attachments – Never open an unexpected attachment, even from people you know and trust. If you are not expecting an attachment from the sender, always contact them to confirm and scan it for malware before opening.
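Both the "URL or email address is not quite right" red flag above (microsoft.info.com, pay-pal.com) and the "Links in emails" item in this list come down to the same manual check: does the place a link really goes match what it claims to be? The following script, an added example and not DP Computing's code, automates that check over the HTML of an email. It extracts every link, compares the domain shown in the link text with the domain of the real target, and flags any link that names a known brand but does not land on a domain that brand actually uses. The brand list, the sample email and the two-label domain rule are constructed for the example; a production tool would use the Public Suffix List and a much larger brand table.

```python
"""Flag links in an email whose visible text or target domain looks wrong."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed table: brand keyword -> registrable domains the brand really uses.
# Real tooling would carry a far larger list.
KNOWN_BRAND_DOMAINS = {
    "microsoft": {"microsoft.com"},
    "paypal": {"paypal.com"},
}


def registrable_domain(host):
    """Reduce a hostname to its last two labels: 'microsoft.info.com' -> 'info.com'.
    Adequate for .com/.net style hosts; multi-part suffixes such as .co.uk
    would need the Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def brand_mentions(text):
    """Brands named in text after stripping separators, so 'pay-pal' matches 'paypal'."""
    squashed = re.sub(r"[^a-z0-9]", "", text.lower())
    return {brand for brand in KNOWN_BRAND_DOMAINS if brand in squashed}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_link(href, text):
    """Return a list of warnings for one link; an empty list means nothing looked wrong."""
    warnings = []
    target_host = urlparse(href).hostname or ""
    target_domain = registrable_domain(target_host)

    # Check 1: the link text is itself a URL, but its domain differs from the real target
    # (what the user sees versus where the mouse-over would really take them).
    shown = re.search(r"https?://([^/\s]+)", text)
    if shown and registrable_domain(shown.group(1)) != target_domain:
        warnings.append(f"text shows {shown.group(1)} but link goes to {target_host}")

    # Check 2: a brand is named in the host or the text, yet the registrable domain
    # is not one the brand uses (microsoft.info.com, pay-pal.com).
    for brand in brand_mentions(target_host) | brand_mentions(text):
        if target_domain not in KNOWN_BRAND_DOMAINS[brand]:
            warnings.append(f"mentions {brand} but target domain is {target_domain}")
    return warnings


def scan_email_html(html):
    """Map each suspicious href in an HTML email body to its list of warnings."""
    parser = LinkExtractor()
    parser.feed(html)
    flagged = {}
    for href, text in parser.links:
        warnings = check_link(href, text)
        if warnings:
            flagged[href] = warnings
    return flagged


# Constructed sample email body: two lookalike links and one genuine one.
SAMPLE_EMAIL = """
<p>We detected a problem with your account.</p>
<p><a href="https://microsoft.info.com/login">https://account.microsoft.com/</a></p>
<p><a href="http://pay-pal.com/verify">Verify your PayPal account</a></p>
<p><a href="https://www.paypal.com/signin">PayPal sign-in</a></p>
"""

if __name__ == "__main__":
    for href, warnings in scan_email_html(SAMPLE_EMAIL).items():
        print(href)
        for warning in warnings:
            print("  -", warning)
```

Run against the sample, the script flags the microsoft.info.com link twice (the shown URL and the real target disagree, and the brand name sits on a domain Microsoft does not use) and the pay-pal.com link once, while the genuine paypal.com link passes. The same two checks are exactly what the hover-over-the-link advice asks a person to do by eye.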
If you need help implementing better security practices in your business, give us a call on 08 8326 4364 or via email at firstname.lastname@example.org
What is a Phishing Attack
Phishing is an attempt to trick you into giving out personal information such as bank account details, passwords and credit card numbers.
It works by someone contacting you while pretending to be from a legitimate business. They then ask you to provide or confirm certain confidential information. This contact can come in a variety of formats such as email, social media, phone call or text message. The messages are designed to look genuine and often use copied logos and branding from the legitimate company.
Once the scammer has this information they can then use this to carry out fraudulent activities such as emptying your bank account or using your credit cards.
How to Avoid a Phishing Attack
Some tips to help you avoid a phishing attack are:
- Don’t reply to any suspicious looking emails or messages that ask you to confirm or update any information about your account whether they are from a coworker, finance company, friend, bank etc.
- Don’t click or visit any links contained in suspicious emails or messages. Even if the website looks legit it will most likely infect your computer or do something worse.
- Legitimate businesses, organisations and government departments will never send you a message to ask for your login information or sensitive personal information. If in doubt ring the organisation in question but don’t ring any numbers listed in the suspicious message.
- Ignore emails that try to convey a sense of urgency and / or are requesting you to “Verify your account” right away due to ‘security issues’, ‘suspicious activity’ or ‘failed login attempt’ or the like.
- Do not copy website links from suspicious messages and paste them into your web browser.
- Never open or save any documents or attachments that come from possible spam and / or virus mails.
- Never send confidential information about any of your accounts in an email.
- If you’re unsure or suspicious about an email from a ‘friend’ or ‘colleague’, call them (i.e. don’t respond to the suspicious email) to see if that really was a legitimate message.
Further information is provided at the Australian Government’s Scam Watch website – http://www.scamwatch.gov.au/