Webinar Recap: How To Avoid Falling Victim To An Email Phishing Scam

Title: How To Avoid Falling Victim To An Email Phishing Scam
Date and Time: Tue, June 12, 2018 1:00 PM – 2:00 PM EDT
Presenter: Eric Hobbs, CEO of Technology Associates

Email phishing scams represent the single largest threat to your business’s cybersecurity stance. By the time you realize you’ve fallen victim, it is too late to do anything about it – putting your customers’ data and your business’s reputation at risk. Traditional defenses such as anti-virus/anti-malware, security patches, and anti-spam software, while foundational to a proper security stance, often fail to stand up to the onslaught of today’s hacking methods.

Eric Hobbs, President of Technology Associates, outlined the methods all users should be aware of to avoid falling victim to a scam, including:

  • Current Statistics On Phishing Emails
  • The 4 Most Common Tactics Hackers Use
  • Why Phishing Attacks Work
  • The Most Successful Email Phishing Templates
  • The Most Seen Email Phishing Templates
  • How to Spot Phishing Emails
  • BEC / Spear Phishing
  • Prevention Tips
  • What To Do If You Fall Victim



Phishing scams are a huge concern for business owners today. Fortunately, we’ve got the answers you need. After a webinar that dove deep into protecting yourself against phishing scams and the most frequent ways phishing occurs, we’ve pulled together the top takeaways you need to know to better protect your business and your employees:

4 Most Common Tactics Hackers Use

1. Corporate Emails

2. Cloud Emails

3. Commercial Emails

4. Consumer Emails

Why Phishing Attacks Work

  • Often Prey On The Victim’s Sense Of Urgency
  • Often Prey On The Victim’s Sense Of Fear
  • Often Prey On The Victim’s Sense Of Familiarity

How to Spot Phishing Emails

The Message Contains a Mismatched URL

Hover your mouse over the URL to view the actual hyperlinked address. If the hyperlinked address is different from the one that is displayed, the email is most likely a phishing attempt.

URLs Have A Misleading Domain Name

Check the last part of a domain name – it is the most telling. For example, the domain name support.apple.com is the child domain of apple.com. But the domain support.apple.xyz.com is the child domain of xyz.com and has nothing to do with apple.com.
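Both URL checks above can be automated for an HTML message body. The following is an added example, not part of the webinar material: it flags links whose visible text names a different domain than the real `href`, comparing the "last part" of each hostname. The short suffix list and the sample message are constructed assumptions; real tooling should use the full Public Suffix List.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of multi-label public suffixes (assumption); real
# tooling should use the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
URL_LIKE = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

def registrable_domain(host):
    """Keep the public suffix plus the one label to its left."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def host_of(url):
    """Hostname of a URL, accepting bare 'www.example.com/path' text too."""
    url = url.strip()
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):
    """Return (shown, href) pairs where the text names a different domain."""
    parser = LinkCollector()
    parser.feed(html)
    return [(shown, href) for href, shown in parser.links
            if URL_LIKE.match(shown)
            and registrable_domain(host_of(shown)) != registrable_domain(host_of(href))]

# Constructed message body using the domains from the text above.
SAMPLE = ('<p>Sign in at <a href="http://support.apple.xyz.com/login">support.apple.com</a>'
          ' or read <a href="https://support.apple.com/help">https://support.apple.com/help</a>.</p>')

if __name__ == "__main__":
    print(mismatched_links(SAMPLE))
```

Links whose visible text is not itself a URL (for example "Click here") are not flagged by this check and still need the hover test described above.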

The message has spelling and grammar mistakes

When a large company sends out a message, the whole message is reviewed for errors. You know this isn’t 100% true if you subscribe to our weekly ezine! If a message has poor spelling and grammar, it might be fake – drummed up by foreign actors.

The message requests that you enter personal information

No matter how legitimate a message appears, a reputable company never sends an email asking for your account information, passwords, or answers to security questions.

The offer seems too good to be true

If it seems that way, it most likely is. Watch out for emails from people you don’t know making these hard-to-believe promises. It’s a scam.

Email message contains a threat

On the other side of making big promises, you have phishing scams that try to scare victims into giving up personal information.

You’re asked to send money via email

No one should ever ask you to cover expenses or send money via email. If they do, it is probably a scam. Institute ‘no blind transfers’ and ‘verbal confirmation’ policies.

Prevention Tips

DO:

  • Ongoing Training / Education
  • Confirm Changes / Transactions Verbally
  • Remember Why Phishing Works (and resist / be suspicious)
      • Sense of Urgency
      • Sense of Fear
      • Sense of Familiarity
  • Have a Layered Security Approach
      • Anti-Spam / URL Defense
      • DNS Security
      • Anti-Ransomware
      • Heuristic Anti-Virus
  • DR Plan To Address Ransomware
  • Dark Web Scan

DON’T:

  • Assume Anti-Spam Catches Everything
  • Whitelist Your Own Domain (Opens The Door To BEC Attacks / Loopbacks)
  • Think You Are “Too Small” To Be Targeted

What To Do If You Fall Victim To A Phishing Scam

If you’ve accidentally downloaded something you now realize is a phishing attack, or clicked through a link:

  • Disconnect Your Device – Get Offline
  • Use Some Other Device To Change All Your Passwords – start with email, since changing other passwords will often require email confirmation
  • Let Your Community (Friends/Family/Co-Workers) Know – It’s embarrassing but a whole lot less so than allowing your community to get tricked by an email that came from your account!

If You Gave Your Credentials Out

  • CALL the company in question, ex: Wells Fargo
  • If you re-use passwords (you KNOW you do!), change other accounts with common passwords also. Example: you use the same password for email and LinkedIn – hackers are smart enough to try your email/password combination on other well-known sites.
