How To Avoid Falling Victim To An Email Phishing Scam
Email phishing scams represent the single largest threat to your business’s cybersecurity stance. By the time you realize you’ve fallen victim, it is too late to do anything about it, and your customers’ data and your business’s reputation are at risk. Traditional defenses such as anti-virus/anti-malware, security patches, and anti-spam software, while foundational to a proper security stance, often fail to stand up to the onslaught of today’s hacking methods.
Eric Hobbs, President of Technology Associates, outlined the methods all users should be aware of to avoid falling victim to a scam, including:
- Current Statistics On Phishing Emails
- The 4 Most Common Tactics Hackers Use
- Why Phishing Attacks Work
- The Most Successful Email Phishing Templates
- The Most Seen Email Phishing Templates
- How to Spot Phishing Emails
- BEC / Spear Phishing
- Prevention Tips
- What To Do If You Fall Victim
Phishing scams are a huge concern for business owners today. Fortunately, we’ve got the answers you need. After a webinar that dived deep into protecting yourself against phishing scams and the common ways phishing occurs, we’ve pulled together the top takeaways you need to know to better protect your business and your employees:
4 Most Common Tactics Hackers Use
- Corporate Emails
- Cloud Emails
- Commercial Emails
- Consumer Emails
Why Phishing Attacks Work
- Often Prey On The Victim’s Sense of Urgency
- Often Prey On The Victim’s Sense Of Fear
- Often Prey On The Victim’s Sense of Familiarity
How to Spot Phishing Emails
The Message Contains A Mismatched URL
Hover your mouse over the URL to view the actual hyperlinked address. If the hyperlinked address is different from the one that is displayed, the email is most likely a phishing attempt.
URLs Have A Misleading Domain Name
Check the last part of a domain name – it is the most telling. For example, the domain name support.apple.com is the child domain of apple.com. But the domain support.apple.xyz.com is the child domain of xyz.com and has nothing to do with apple.com.
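The two link checks above (displayed address versus real target, and reading the domain from the right), as an added Python example that is not part of the original article. The function names, the three-entry suffix set and the sample email body are constructed for illustration; a real deployment would need the full Public Suffix List.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}  # constructed stand-in for the Public Suffix List

def registrable_domain(host):
    """Rightmost registrable part of a hostname, e.g. xyz.com for support.apple.xyz.com."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

def host_of(text):
    """Hostname from link text or an href; None when the text is not URL-like."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    return urlsplit(text if "://" in text else "//" + text).hostname

class LinkAuditor(HTMLParser):
    """Collect (displayed text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html, trusted_domain):
    """Flag links whose shown address and real target differ, or whose target leaves trusted_domain."""
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for shown, href in parser.links:
        shown_host, target = host_of(shown), host_of(href)
        if target and shown_host and registrable_domain(shown_host) != registrable_domain(target):
            findings.append((href, "mismatched-url"))
        elif target and registrable_domain(target) != trusted_domain:
            findings.append((href, "misleading-domain"))
    return findings

SAMPLE = """<a href="https://support.apple.com/reset">support.apple.com/reset</a>
<a href="https://support.apple.xyz.com/login">Sign in</a>
<a href="http://login.example.net/a">https://support.apple.com/verify</a>"""  # constructed sample
```

Calling `audit_links(SAMPLE, "apple.com")` leaves the first link alone, flags the second as a misleading domain and the third as a mismatched URL.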
The Message Has Spelling And Grammar Mistakes
When a large company sends out a message, the whole message is reviewed for errors. You know this isn’t 100% true if you subscribe to our weekly ezine! If a message has poor spelling and grammar, it might be fake – drummed up by foreign actors.
The Message Requests That You Enter Personal Information
No matter how legitimate a message appears, a reputable company never sends an email asking for your account information, passwords, or answers to security questions.
The Offer Seems Too Good To Be True
If it seems that way, it most likely is. Watch out for emails from people you don’t know making these hard-to-believe promises. It’s a scam.
The Email Message Contains A Threat
On the other side of making big promises, you have phishing scams that try to scare victims into giving up personal information.
You’re Asked To Send Money Via Email
No one should ever ask you to cover expenses or send money via email. If they do, it is probably a scam. Institute ‘no blind transfers’ and ‘verbal confirmation’ policies.
Prevention Tips
- Ongoing Training / Education
- Confirm Changes / Transactions Verbally
- Remember Why Phishing Works (and resist / be suspicious)
  - Sense of Urgency
  - Sense of Fear
  - Sense of Familiarity
- Have a Layered Security Approach
  - Anti-Spam / URL Defense
  - DNS Security
  - Heuristic Anti-Virus
  - DR Plan To Address Ransomware
  - Dark Web Scan
Don’t:
- Assume Anti-Spam Catches Everything
- Whitelist Your Own Domain (Opens Door to BEC Attacks / Loopbacks)
- Think You Are “Too Small” To Be Targeted
What To Do If You Fall Victim To A Phishing Scam
If you’ve accidentally downloaded something you now realize is a phishing attack or clicked through a link:
- Disconnect Your Device – Get Offline
- Use Some Other Device To Change All Your Passwords; start with email, since changing other passwords will often require email confirmation
- Let Your Community (Friends/Family/Co-Workers) Know – It’s embarrassing but a whole lot less so than allowing your community to get tricked by an email that came from your account!
If You Gave Your Credentials Out
- CALL the company in question, e.g. Wells Fargo
- If you re-use passwords (you KNOW you do!), change other accounts with common passwords also. Example: you use the same password for email and LinkedIn – hackers are smart enough to try your email/password combination on other well-known sites.