Did you know that 74% of United States companies suffered a successful phishing attack in 2022? If you have an email account or a phone that receives text messages, it is highly likely that you've received phishing messages before. In fact, there's a good chance you receive multiple messages like this every day. Let’s talk about how to identify common phishing tactics and best practices for avoiding them.
What is Phishing and Why is it Bad for Business?
The Oxford dictionary defines phishing as the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Cyber criminals, also known as hackers or bad actors, understand that human error is the weakest link in any cybersecurity protocol.
As the name suggests, phishing is a way for cyber criminals to lure individuals into downloading malicious software or handing over vital data. They attack individuals and organizations alike, and they are relentless in their attempts to get you to slip up and take the bait. Successful phishing attacks can be costly to an organization and cause a loss of data, a damaged reputation, financial penalties, and more. It is important to be aware of the tactics of cyber criminals and take steps to avoid being on the hook of a phishing scam.
Common Phishing Tactics: Email
Email is the most common method used for implementing phishing attacks. Bad actors usually try to trick their victims into opening links, downloading files, or sending over sensitive information. There are many types of threats a cybercriminal may look to employ on their targets. Malware is a malicious software that can be used to disrupt, damage, or gain unauthorized access to a computer system. Ransomware is designed to block access to a computer system until a sum of money is paid.
Bad actors can also try to "phish out" sensitive data and information, such as passwords, account numbers, or other important details. Phishing scams often come in the form of emails appearing to be from a legitimate source, like a bank or a well-known online retailer. Before responding, take a moment to verify the legitimacy of the email. If you're unsure, don't click any links or attachments. Phishing emails often include urgent messages, grammatical and spelling errors, and suspicious links or attachments.
Common Phishing Tactics: Text Messages
Cyber criminals are using text messages more frequently than ever — approximately 7 out of 10 people receive phishing text messages on a regular basis. Typos, poor grammar, and suspicious links are also common in text message phishing. These messages often appear to come from a bank or another seemingly reliable source. They usually include a link and/or ask for account information. If you notice any of these signs, it's best to avoid interacting with the text.
As with emails, you should also check the sender's identity when you receive a text from a random or unknown number. Before responding to a text from an unfamiliar number, examine the sender's contact info. If you receive a text or email that claims to be from a company or organization you do business with, but it seems suspicious, call the company directly to verify its authenticity. Spam phone calls are also a form of phishing, and you should never provide sensitive information or complete unusual requests without verifying the caller.
How to Identify and Avoid Phishing
In addition to the specific signs of phishing that you can avoid via email and text message, there are also some great tactics to prevent cyber attacks, to begin with. Use a pop-up blocker and anti-virus software to protect your computer from phishing attacks, which can identify and block malicious emails and attachments. Keep software and security systems up-to-date to prevent vulnerabilities. Software updates often include security measures that can help protect your device against the newest threats.
Exercise caution when entering personal information online. Phishing scams can take the form of fake websites requesting sensitive personal details. Use strong, unique passwords and two-factor authentication for online accounts. Two-factor and multi-factor authentication can help add an extra layer of security to your passwords and prevent unauthorized access.
If you find that you have been attacked by a cyber criminal, there are a few steps you can take. Disconnect your device from the internet by unplugging your Ethernet cable or logging off of WiFi. Back up any important data or files, change any passwords or login credentials and scan your device for malware or other malicious software. It may be uncomfortable to report that you've been the victim of a phishing attack, but it's important that you do so immediately. It's always best to notify someone rather than try to fix the problem yourself — when in doubt, reach out.
Workplace Training to Avoid Phishing & Cyber Attacks
Remember, cyber criminals know that humans are the weakest link in any cybersecurity protocol. Help to strengthen your individual and organizational security by staying up to date on your Cybersecurity training from EasyLlama, including our new Phishing Llama Bite mini-course. Llama Bites are 5-10 minute monthly microlearning options that offer continued education and reinforcement of safe and positive work culture. Learn more about cybersecurity best practices by accessing your free course preview today!
