Nobody wants to fall prey to a phishing scam. There’s a good reason that such scams will continue, though: They are successful enough for cybercriminals to make massive profits.
Phishing scams have been around practically since the inception of the Internet, and they will not go away any time soon. Fortunately, there are ways to avoid becoming a victim and giving hackers access to your business data, or financial or personal information.
Here are some things your employees (or maybe even you) are doing that can compromise your IT security and expose you to phishing scams, along with things they can do to help protect themselves and your business.
Here are 7 ways your employees may be exposing your company to phishing scams – and how to fix them!
1. The Problem: Clicking on any old email link
It’s fine to click on links when you’re on trusted sites. Clicking on links that appear in random emails and instant messages, however, isn’t such a smart move. Many virus programs will grab a user’s address book and shoot out emails to every address in the book. So just because you got an email from a friend (“Hey, look who is in this picture!!”) don’t assume it is safe.
Phishing scams are getting more sophisticated too, with hackers using company websites and social media to craft emails that sound legitimate.
The Solution: Hover over links that you are unsure of before clicking on them
Do they lead where they are supposed to lead? A phishing email may claim to be from a legitimate company, and when you click the link, the website it opens may look exactly like the real one. The email may ask you to fill in information, yet it may not address you by name.
Most phishing emails will start with “Dear Customer” so you should be alert when you come across these emails. When in doubt, go directly to the source rather than clicking a potentially dangerous link. Type in the domain name instead of clicking.
And when in doubt, double check with the sender with a call, text, or separate email to confirm they sent you the link.
2. The Problem: Not verifying a site’s security
It’s natural to be a little wary about supplying sensitive financial information online. As long as you are on a secure website, however, you shouldn’t run into any trouble. If you get a message stating a certain website may contain malicious files, do not open the website.
Never download files directly from suspicious emails or websites. Even search engines may show links that lead to a phishing webpage offering low-cost products. If a user makes a purchase at such a website, cybercriminals will gain access to the credit card details.
The Solution: Check for the “https”
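Before submitting any information, make sure the site’s URL begins with “https” and that there is a closed lock icon near the address bar. The lock shows that the connection is encrypted; it does not by itself prove the site belongs to the company it claims to be, so check the domain name as well.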
3. The Problem: Letting accounts take care of themselves
If you don’t visit an online account for a while, someone could be having a field day with it. By the time you figure it out, it may be too late to fix it. And the costs and time to restore your financial reputation can be enormous.
The Solution: Check online accounts regularly
Even if you don’t technically need to, check in with each of your online accounts on a regular basis. Get into the habit of changing your passwords regularly too. To prevent bank phishing and credit card phishing scams, you should personally check your statements regularly.
Get monthly statements for your financial accounts and check each and every entry carefully to ensure no fraudulent transactions have been made without your knowledge. You may even be able to register for daily or weekly alerts from banks and credit cards that summarize charges, so you notice more quickly if something is amiss.
4. The Problem: Being lazy about browser updates
Security patches are released for popular browsers all the time. They are released in response to the security loopholes that phishers and other hackers inevitably discover and exploit. If you typically ignore messages about updating your browsers, stop.
The Solution: Keep browsers up-to-date
The minute an update is available, download and install it. If you have an IT person, have them keep up with this. If not, you may have to remind employees or do it yourself.
5. The Problem: Clicking on pop-ups
Pop-up windows often masquerade as legitimate components of a website. All too often, though, they are phishing attempts.
The Solution: Be wary of pop-ups
Many popular browsers allow you to block pop-ups; you can allow them on a case-by-case basis. If one manages to slip through the cracks, don’t click on the “cancel” button; such buttons often lead to phishing sites.
Instead, click the small “x” in the upper corner of the window or close the browser entirely and reopen it to your homepage. If you are having a problem closing the browser it is an indication that it’s time to reboot your PC. Doing that will clear the memory and prevent whatever was causing the problem from installing itself on the hard drive.
6. The Problem: Giving out personal information
As a general rule, you should never share personal or financially sensitive information over the Internet. This rule spans all the way back to the days of America Online, when users had to be warned constantly due to the success of early phishing scams.
The Solution: Contact the company directly
When in doubt, go visit the main website of the company in question, get their number and give them a call. Most of the phishing emails will direct you to pages where entries for financial or personal information are required.
An Internet user should never make confidential entries through the links provided in the emails. Never send an email with sensitive information to anyone. Make it a habit to check the address of the website. A secure website always starts with “https”.
7. The Problem: Mixing business with personal
With the use of mobile devices, it’s easy to do business anytime, anywhere. But that probably means your employees are using their personal phone or laptop to send emails. Or they may use their business computer to check social media or respond to a personal email.
The Solution: Maintain a business/personal separation
Staying within the boundaries when on a business computer is by far the safest way to keep phishing off the company map. There are phishing attempts in the business community but they are far less frequent than in the personal space. Consider using your own phone for any personal business and keeping the company’s computer sheltered in the business space. This will also ensure that your personal data is safe in the event your business email is compromised.
You don’t have to live in fear of phishing scams. By keeping the preceding tips in mind, you should be able to enjoy a worry-free online experience. Remember there is no single fool-proof way to avoid phishing attacks. But education is key – for yourself and your employees.
Want some practice? Google released a great Phishing test you can share with your employees.
HST can help you as well by providing monitoring, backup services and even employee education and support. Give us a call today at (512) 900-9478 or email email@example.com for more information.
Author: Meredith Clark
About Higher State Technology (HST) Since 2004, specialists at Austin-based Higher State Technology (HST) have provided implementation, troubleshooting, hardware, software and managed services solutions for multi-location companies and for solopreneurs. HST helps companies safeguard their IT assets through network protection, backups and disaster recovery, antimalware and anti-spam protection, and other risk management services. HST offers remote and onsite IT support and management tailored to the needs of each client. For more information, visit www.Higher-State.com.