Cybersecurity needs to be a priority to any business that wants to continue their operations in the long-term. One threat that is very common today is the phishing attack.
In 2018, there was an increase in the prevalence of phishing attacks by 269 percent when compared to their prevalence in 2017. In addition, a full 32 percent of reported data breaches that year featured phishing to some extent. United States businesses may have had cause for the most concern, as nearly 86 percent of phishing attacks targeted American companies.
NCSAM’s Phishing-Heavy Theme: “Own IT. Secure IT. Protect IT.”
These lessons effectively boil down to pretty basic practices that any user should cultivate into habits. Naturally, this includes some anti-phishing tactics.
Remember, you also have another knowledgeable resource to lean on for advice – we’re always available to assist you and your team. For instance, try implementing these best practices in your processes now to avoid phishing:
- Don’t trust surprise messages: One of the first signs that a message is hiding a phishing attack is if it just appears in your inbox. Let’s say you suddenly get an email that says that it’s from Amazon, claiming that your account needs to have its payment credentials verified after some suspicious purchases were made. Stop and consider some other facts before you react… have you received something like a receipt in your inbox for something that you didn’t order, or an anticipated delivery date? Any emails can – and should – be examined in this way to ensure that you aren’t walking into a threat. It’s generally a good idea to reach out to the alleged sender through a different form of communication for confirmation.
- Make sure the details match: When we get an email, it’s pretty typical that we only take a quick glance at who sent it without giving it a second thought. If a cybercriminal is worth their salt, they would have used a fake email that isn’t quite perfect, but passes the “quick glance” test. For instance, would you sooner click on an email from “business_aclmin@gmail.com,” or one from “googledave@grnail.com?”The right answer is “neither,” as in “neither A-C-L-M-I-N or G-R-N-A-I-L actually say what they appear to say at first.” Therefore, they are most likely traps.
- Don’t trust surprise links or attachments, either: You need to be prepared before you even open a message, and this is one of the reasons why. Some links and attachments contain malware, or automatically direct you to a website that will begin installing the malware. Some have been especially tricky, asking the user to confirm the download, but completing the installation regardless of what they pick. Again, unless you expected an attachment or a link, think twice before just clicking through. It doesn’t hurt to confirm its legitimacy through another means, either.
