Protect Your Business From Spear-Phishing Attacks With These 4 Helpful Hints
Everyone who uses the internet has access to something that a hacker wants. To obtain it, hackers might level a targeted attack directly at you.
Likely objectives may include pilfering customer data in order to commit identity theft, gaining access to a company’s intellectual property for corporate espionage, or acquiring your personal income data in an attempt to steal your tax refund or file for unemployment benefits in your name.
Targeted attacks, commonly referred to as spear-phishing, seek to fool you into volunteering your login credentials or downloading malicious software.
Spear-phishing attacks often transpire over email. Hackers typically send a target an “URGENT” message, incorporating plausible-sounding information that’s unique to you – such as something that could have come from your tax returns, social media accounts, or credit card bills.
These schemes often include details that make the sender appear legitimate in order to get you to disregard any warning signs you might detect about the email.
In spite of corporate training and dire warnings to be cautious about who you give your password to, people still get duped by these tactics.
Another byproduct of falling for a spear-phishing scam could be inadvertently downloading malware such as ransomware. You might also be coerced into wiring funds to a cybercriminal’s account.
You can steer clear of the majority of spear-phishing scams by observing the following security measures.
Recognize the Basic Signs of Phishing Scams
Phishing emails, texts, and phone calls attempt to trick you into accessing a malicious website, surrendering a password, or downloading an infected file.
This works particularly well in email attacks, since people often spend their entire day at work clicking on links and downloading files as part of their jobs. Hackers realize this, and try to exploit your natural tendency to click without thinking.
Thus, the number-one defense against phishing emails is to think twice before you click.
Check for indications that the sender is who they purport to be:
- Look at the “From” field. Is the name of the person or business spelled correctly? Does the email address match the name of the sender, or are there all kinds of random characters in the email address instead?
- Does the email address seem close, but a little bit off? (For example: Microsft.net or Microsoft.co.)
- Hover over (don’t click!) any links in the email to scrutinize the actual URLs they will send you to. Do they seem to be legitimate?
- Note the greeting. Does the sender call you by name? “Customer,” “Sir/Madam,” or the prefix of your email address (“pcutler35”) would be red flags.
- Examine the email closely. Is it mostly free from spelling errors and unusual grammar?
- Consider the tone of the message. Is it excessively urgent? Is its aim to urge you to do something that you normally wouldn’t?
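As an added example (not part of the original post), the following Python script applies the checklist above to a constructed sample email: it compares the sender's domain against a trusted allowlist using edit distance to catch "close but a little off" domains, compares the URL a link displays with where its href actually points (the hover check), and looks for a generic greeting. The sample message, the allowlist and the greeting list are all assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample (not from the original post) with three checklist red flags:
# lookalike sender domain, link text that hides the real target, generic greeting.
SAMPLE_EMAIL = """From: Microsoft Account Team <security@microsft.net>
To: pcutler35@example.com
Subject: URGENT: verify your account today
Content-Type: text/html

<p>Dear Customer,</p>
<p>Your account will be terminated unless you verify it here:
<a href="http://login.microsft.net/verify">https://account.microsoft.com</a></p>
"""
TRUSTED_DOMAINS = {"microsoft.com", "example.com"}  # assumed allowlist for the example

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(domain, trusted):
    # "Close but a little off": a typo in the whole name (Microsoft.co) or in the label before the TLD (Microsft.net).
    return domain != trusted and (edit_distance(domain, trusted) <= 2 or
        edit_distance(domain.split(".")[0], trusted.split(".")[0]) <= 1)

def host_of(url):
    m = re.match(r"^\s*[a-z]+://([^/:?#\s]+)", url, re.I)
    return m.group(1).lower() if m else None

def phishing_flags(raw):
    """Return human-readable red flags found in one raw email message."""
    msg, flags = message_from_string(raw), []
    body = msg.get_payload()
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    flags += [f"lookalike sender domain {domain} (resembles {t})"
              for t in sorted(TRUSTED_DOMAINS) if lookalike(domain, t)]
    # "Hover, don't click": compare the URL the reader sees with the real href.
    for href, text in re.findall(r'<a[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.S | re.I):
        if host_of(text) and host_of(text) != host_of(href):
            flags.append(f"link shows {host_of(text)} but points to {host_of(href)}")
    plain = re.sub(r"<[^>]+>", " ", body).lower()
    if any(g in plain for g in ("dear customer", "dear sir", "dear madam", "sir/madam")):
        flags.append("generic greeting instead of your name")
    return flags
```

Running `phishing_flags(SAMPLE_EMAIL)` returns one flag per red flag found; a clean message from an allowlisted domain returns an empty list.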
Don’t Be Fooled By More Advanced Phishing Emails That Employ These Techniques
Even if an email passes the preliminary sniff test described above, it could still be a ruse. A spear-phishing email might include your actual name, use more polished language, and even seem specific to you. It is simply much harder to spot. Then there are the targeted telephone calls, in which an unknown person or organization calls you and attempts to talk you into giving up information or logging on to a shady website.
Since spear-phishing scams can be so crafty, there’s an added measure of protection you should take before responding to any request that arrives via email or phone. The most significant preventive step you can take is to safeguard your password.
Never click on a link from your email to another website (real or fraudulent) and then enter your account password. Instead, log in to your account by manually typing the URL into your browser, or access it via a trusted app on your mobile device. Never provide your password to anyone over the phone.
Financial institutions, internet service providers, and social media platforms generally make it a policy never to ask for your password in an email or phone call.
You can also call back the company’s customer service department to verify that the request is legitimate. Most banks, for example, will transmit secure messages through a separate inbox that you can only access when you’ve logged onto their website.
Combat Phishing By Calling the Sender
If an individual or organization sends you something they say is “IMPORTANT” for you to download, requests that you reset your account passwords, or asks you to send a money order from company accounts, do not immediately comply. Call the sender of the message – your boss, your financial institution, or even the IRS – and make certain that they actually sent you the request.
If the request arrives by phone, it’s still appropriate to hesitate and corroborate. If the caller claims to be phoning from your bank, you’re well within your rights to inform them that you’re going to hang up and call back on the company’s main customer service line.
A phishing message will often attempt to make its inquiry appear extremely urgent, prompting you to forgo taking the extra step of calling the sender to double-check the veracity of the request. For instance, an email might state that your account has been jeopardized and you should reset your password as soon as possible, or perhaps that your account will be terminated unless you take action by the end of the day.
Don’t freak out! You can always justify taking a few extra minutes to validate a request that could cost you or your business financially, or even mar your reputation.
Lock Down Your Personal Information
Someone who wishes to spear-phish you has to obtain personal details about you in order to put their plan in motion. In some cases, your profile and job title on a company website might be sufficient to inform a hacker that you’re a worthwhile target, for whatever reason.
Alternatively, hackers can take advantage of information they’ve discovered about you as a result of data breaches. Unfortunately, there’s not much you can do about either of those things.
However, there are certain situations in which you may be divulging information about yourself that could supply hackers with all the data they need to proceed. This is a solid reason to refrain from posting every detail of your life on social media and to set your social accounts to “Private.”
Finally, activate two-factor authentication on both your work and personal accounts. This method adds an extra step to the login process, meaning that hackers require more than simply your password in order to access confidential accounts. Thus, if you do end up inadvertently giving away your credentials in a phishing attack, hackers still won’t possess all they need to access your account and make trouble for you.
By taking these tactics to heart, you will be better prepared to avoid common online scams such as spear-phishing attacks.
When you partner with a trusted cybersecurity services provider like DataGroup Technologies, you’ll enjoy a number of substantial safeguards to help protect your business from cyberthreats, including security risk assessments, email security solutions, web and DNS filtering, next-generation firewalls, operating systems and application security patches, and network security monitoring. To find out how we can help your company, give us a call at 252.329.1382 today!