Gone Phishing: How To Avoid The Greatest Cybersecurity Scam

More people fell victim to phishing scams in 2020 than any other cybersecurity threat, according to the FBI’s Internet Crime Report 2020.  

Nearly 250,000 people reported being scammed through phishing attempts last year, more than the next three categories combined: non-payment / non-delivery, extortion, and personal data breach.

As phishing attempts—and success rates—increase, it’s worth taking a look at what phishing is, how your business can detect and protect against it, and what to do if an attack is successful. 

 

What Is Phishing?

Phishing is a cybersecurity scam in which hackers disguise themselves as a reputable person, company, or entity in email, social media messages, text messages, and other forms of communication in order to collect login credentials or account information. 

Examples of phishing attacks include: 

  1. Clicking an email attachment. What appears to be a valid PDF or image could actually be malware.
  2. Spoofing popular websites. Attackers may use brands you recognize to get you to click a link that spoofs the legitimate website so you will enter your account information. 
  3. Facebook friend requests. You may receive a request from an account with mutual friends, thinking it’s a legitimate profile. Instead, your new friend may send you a video that, when clicked, installs malware on your computer and potentially your network. 
  4. Logging in to free Wi-Fi hotspots. Beware of Wi-Fi hotspots that look like the one offered by your favorite coffee shop, airport, shopping mall, or other public place.

All of these are things most people do on a regular basis, so how do you figure out what’s real and what’s not? 

 

Common Indicators Of A Phishing Attack

Phishing attacks typically have telltale signs, like: 

  1. Asking you to pay an invoice by downloading an attachment or clicking on a link
  2. Saying there’s a problem with your payment information
  3. Asking you to confirm personal information 
  4. Offering rebates, coupons, or refunds

If any of these requests seem out of the ordinary, it’s best to contact the person or organization directly through another method. 

For example, if you’ve never purchased from or worked with a company before, don’t click or respond to anything within the suspected phishing email.

Instead, open a new browser window, search for that company, and find a way to contact them through their website with a phone number, support email, or live chat service. 

 

How To Prevent Phishing

The easiest way to prevent phishing is by asking yourself one question: 

Do you know the person or organization that’s contacting you? 

If you do, that’s a good start.

However, still proceed with caution by contacting them through another verified method.

For companies, that likely means using a company phone number or website.

For people, text or call them if you know their number, or email them by starting a new email chain if you know their email. 

If you don’t know the person or organization, it could be a scam.

Follow the recommended steps outlined above to get in contact with them. 

Two other ways to prevent phishing and its potentially disastrous effects include enabling multifactor authentication and backing up your data to a location besides your home or office network.

At home, you can back up your data onto physical hard drives or a cloud service (one often comes with your phone plan as an add-on service). 

IT departments should back up company data on a separate cloud network so an attack cannot infiltrate further.  

Your IT department or managed service provider may also run phishing simulations as part of a security awareness program.

 

How To Report Phishing

In the event you accidentally clicked on that Facebook message or email, verify whether your device’s security software is updated. 

(Side note: Hackers hate updates, so we recommend regularly updating software and operating systems.)

Additionally, report the incident and notify your IT department so they can monitor any unusual activity on your computer or network as a whole.

If it turns out to be nothing, great.

If there is a cybersecurity breach, they can help stop it before it spreads too far. 

Depending on the nature of the information, you may consider taking additional steps:  

  • Report the incident to IdentityTheft.gov. Protect your sensitive information such as your Social Security number, online logins, bank account information, and other personal data.
  • Forward emails to the Anti-Phishing Working Group at reportphishing@apwg.org
  • Forward text messages to SPAM (7726)
