Since the inception of the internet and email, it seems there have always been phishing scams. They are a global threat to all businesses that utilize the internet for any reason. Within recent years, these scams have increased significantly, and they continue to victimize people around the world every day. You might be wondering, how does a phishing scam work?
A phishing scam involves sending a fraudulent link to an individual with the primary purpose of installing malware or deceptively retrieving sensitive information, such as passwords, banking information, or social security numbers.
Phishing costs businesses billions of dollars in losses. As a managed IT service provider, Iron Dome has the technical expertise to aid your business in the prevention of and recovery from a phishing scam. We use the most powerful applications to keep your data safe. Phishing scams are very profitable. They have cost many businesses millions of dollars. According to a report released on July 12, 2018 by the Federal Bureau of Investigation, business email losses are in the billions. This is probably why the phishing scam is one of the most popular internet scams today: it’s a fast way for cybercriminals to obtain money.
How Can You Avoid Being a Phishing Victim?
Here are some of the steps you can take to avoid becoming a victim.
Don’t Download Files from Unknown Users
If you receive an email from an unknown user, don’t click on any links or download any files attached to that email. For some people, this may seem obvious, but thousands of people accidentally click or download infected files every year. Even if the link is from a known party, go to the company’s website instead of attempting to access it from the email. Sometimes cybercriminals will use emails and websites that are cloned versions of the actual business website. If you’re not paying close attention to what you are doing, you can be scammed. You also want to look at the website’s URL address. Hover over it to confirm that it’s the company’s domain name.
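The hover check described above can be automated for an HTML email body. This is an added example, not code from the original article. The function names, the sample body and the `examplebank.test` domain are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html, company_domain):
    """Return (text, real host, text names the company?) for off-domain links."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    flagged = []
    for text, href in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        # The company's domain must be the END of the host name; a host that
        # merely starts with or contains it belongs to someone else.
        on_domain = host == company_domain or host.endswith("." + company_domain)
        if not on_domain:
            flagged.append((text, host, company_domain in text.lower()))
    return flagged

# Constructed sample body; every domain and address below is made up.
SAMPLE_BODY = (
    '<p>Sign in at <a href="https://examplebank.test.account-verify.test/login">'
    "www.examplebank.test</a></p>"
    '<p><a href="http://203.0.113.10/update">Update your details</a></p>'
    '<p><a href="https://www.examplebank.test/help">Help centre</a></p>'
)

if __name__ == "__main__":
    for row in audit_links(SAMPLE_BODY, "examplebank.test"):
        print(row)
```

The first sample link is the case hovering is meant to catch: the visible text names the company, while the real host only begins with the company's domain and ends in a different one.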
Don’t Trust the Display Name
Even if you receive a familiar email, be cautious. A common phishing tactic is spoofing the email’s display name. Unfortunately, some email providers will only display the sender’s name but not the email address. If the email address does not coincide with the name of the sending party, flag it. However, this is not a foolproof indicator that it’s a scam, because any email address can be spoofed.
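A mail filter or triage script can make the same comparison between the display name and the sending address. This is an added example, not code from the original article. The `EXPECTED_DOMAINS` allow-list, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: names your staff expect to see -> domains they really send from.
EXPECTED_DOMAINS = {
    "example bank": {"examplebank.test"},
    "it helpdesk": {"corp.test"},
}

def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def check_from_header(raw_message):
    """Compare the display name in From: with the address that actually sent it."""
    msg = message_from_string(raw_message)
    name, address = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(address)
    findings = []
    # Case 1: the display name is itself an e-mail address on another domain.
    if "@" in name and domain_of(name.strip()) != sender_domain:
        findings.append("display name shows a different address")
    # Case 2: the display name claims a known sender but the domain does not match.
    for known, domains in EXPECTED_DOMAINS.items():
        if known in name.lower():
            ok = any(sender_domain == d or sender_domain.endswith("." + d)
                     for d in domains)
            if not ok:
                findings.append(
                    f"'{known}' does not send from {sender_domain or 'no domain'}")
    # An empty list means "consistent", not "genuine": the address can be spoofed too.
    return findings

# Constructed sample messages; all names and domains are made up.
SAMPLES = {
    "spoofed_name": 'From: "Example Bank" <billing@secure-login.test>\n'
                    "Subject: Action required\n\nPlease sign in.",
    "address_in_name": 'From: "security@examplebank.test" <x91@mailer.test>\n'
                       "Subject: Notice\n\nPlease sign in.",
    "consistent": 'From: "Example Bank" <alerts@mail.examplebank.test>\n'
                  "Subject: Statement\n\nYour statement is ready.",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_from_header(raw))
```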
Install and Maintain Security Software
All of your computers should have a security solution installed on them. It should include at minimum an anti-virus application, firewall, and email filter. The anti-virus application is responsible for preventing viruses, phishing attacks, spyware, rootkits, malware, trojans, and other cyber threats. Maintaining the software is equally important as installing it, for recent updates offer the highest level of protection. Therefore, when you receive security updates, you want to install them immediately.
Educate Your Employees and Bring Awareness
Often employees are not aware of how businesses are targeted. By simply keeping your employees aware of the latest security attacks, you can possibly avoid any future data or financial losses. According to Symantec’s 2018 Internet Security Threat Report, over 50% of email is spam. What’s even worse is that their data shows the average individual receives 16 malicious spam emails per month. With just 10 employees, this would equate to 160 emails per month.
Be Cautious of the Urgency
Be cautious of any email that you receive that expresses an urgency to do something. You may receive an email indicating that there is a problem with your bank account, and you need to log into your account to correct the problem. This is a common tactic used to quickly gain access to your personal information.
Identify Possible Threats
Verify the website’s security before sending sensitive information over the internet. Some ways of analyzing the safety of a website include the following:
- Look for the “S” in https. This indicates that the site has an SSL certificate, which encrypts sensitive information. Without it, the information that you enter is exposed to cybercriminals.
- Look for contact information. Many website visitors feel uncomfortable doing business with a website that does not have a phone number or physical address. Ideally, most legitimate businesses will have visible contact information.
- Look for key indicators of possible malware. Some key indicators include suspicious pop-ups, ads with improper spelling or grammar, and search engine warnings.
The internet is an amazing tool and you can use it for many things. Like anything else in life, it comes with a dark side. When it comes to your business, be very cautious about releasing any information online. Only transact business on trusted websites that you know are legitimate.
Need Help Avoiding or Recovering from a Phishing Attack
Should your company become the victim of a cyberattack, Iron Dome specialises in disaster recovery, and we can help you recover any lost data.
Contact us today at 0203 358 0203 to learn more about our services and avoiding cyberattacks.
- Physical Security
There are ways to lock your laptop down from outside of the machine. First, be sure that your laptop bag is always on your person, or that you use a padlock to keep the zipper securely closed. Most work benches at the airport have legs that you can easily secure the carry strap to. Or you can utilize a cable lock to secure it to something like a chair fastened to the ground or a building pillar.
Second, always keep a Kensington lock in your bag, and break it out every single time that you use your laptop in a public area. These are inexpensive, and you can always ask your IT provider if they have any spares. Trust us, if you’re showing initiative to protect company assets, your company will listen.
If you are in a hotel, a good way to keep your belongings safe is to put the ‘Do Not Disturb’ sign on the door. If that is posted, then the only foot traffic that should be in your room is your own. If something turns up missing and you and the Hotel are the only people with keys to your room, then this helps narrow down the search for the thief.
- Software Security
We’re not talking about McAfee or Norton here, but something more along the lines of location software. Some examples of this may be Lojack for Laptops if you have a Windows machine, or Find My Mac if you are an Apple user. To help protect your information, these applications will set up passcodes that the thief will have to hack to bypass. Also, they can provide the location of your device if it’s missing or stolen.
- Backup Solution
If, in fact, your device does go missing, you know as well as we do that your work can’t be put on hold. It will continue to pile up – causing a mess of inconveniences – but the world doesn’t stop, even if your laptop is stolen. You need to be able to back up your most valuable data and recover it at a moment’s notice with a legitimate backup solution. And we’re not just talking about a file backup like Dropbox or Google Drive. A truly reliable backup solution allows for virtualizations of your laptop, so you can log in to this virtual copy of your machine and it’s just like you’re sitting in front of it again.
- AdBlock Plus
While you surf the world wide web, there are certain things that track your information and compile it into a database. These “things” are better known as scripts. Scripts are invisible to the visitor’s eye, but their availability within the code of a website defines how the website behaves in response to certain click requests sent by the user.
Sometimes, scripts give you unwanted ads and annoying pop-ups while you are trying to navigate a web page. This is where an extension such as AdBlock Plus comes in handy. This extension blocks banner ads, pop-up ads, rollover ads, and more. It stops you from visiting known malware-hosting domains, can prevent data being sent to advertisers, and it can disable third-party tracking cookies and scripts. Essentially, ad blocker extensions like this one give you more control over your browsing experience.
- Privacy Badger
Privacy Badger keeps an eye out for suspicious third parties tracking you while you browse different websites, then jumps to your defense by blocking their tracking cookies. Cookies keep tabs on your browsing history and internet behavior, and if an advertiser is tracking your cookies, this extension will automatically block that advertiser from loading any more content in your browser. All in all, this little badger’s job is to block spying ads and invisible trackers – making it a good buddy to have by your side while you surf the internet.
- HTTPS Everywhere
Generally speaking, there are two types of web URLs – HTTP and HTTPS. The difference here is the ‘S’ at the end of HTTPS, which stands for ‘Secure’. However, many web pages do not route you to the secure versions of their webpages automatically.
The HTTPS Everywhere extension takes care of that by rewriting requests to direct you to HTTPS-secured sites. So, if your browsing takes you to unsecured areas of a website, HTTPS Everywhere will redirect you to the encrypted HTTPS site and keep your sensitive data from leaking and third parties from snooping.
Hook up to a network that you know.
Free Wi-Fi is tempting, but be sure that you consider who is providing the connection. Public connections at the local coffee shop are usually unsecured and leave your machine open to outsiders. While these networks provide a convenience, there are risks to be aware of.
Bank and shop with caution.
Shopping from familiar websites is a good place to start. Stick with the reputable sites that are tried and true – like Amazon or eBay. Also, when checking out and finalizing the purchase, look for the ‘padlock’ symbol or the abbreviation ‘https’ in the address bar at the top of your browser. This will ensure that you are on a secure, encrypted part of this webpage. Keeping an eye on your bank statements for suspicious activity is always a good idea, among these other best practices for shopping online.
Use secure passwords.
Passwords for logging into any website should contain a mix of letters, numbers, and special characters – as well as be different for each website that you log into. It can definitely be a pain to remember all of these passwords, but ask yourself which is more of a pain – remembering these, or recovering stolen personal information.
Lock your computer.
When you walk away from your machine, lock it. In Windows, it is as easy as pressing the Windows key + L. On an Apple Mac, pressing “Control+Shift+Eject” will do the trick (unless you do not have an optical drive, then you can hit the “Power” key instead of “Eject”). This practice would be the equivalent of deadbolting the front door of your home. It acts as a deterrent to the bad guys as well as a line of defense. It may even be worth setting up a password lock on your Apple or Windows machine as well.
Do not click on anything unfamiliar.
If an offer is too good to be true, it probably is. If you get an email from an unknown source, do not click any of the links within it – and immediately report it to your IT department. If a window pops up while browsing a website, immediately close it. Familiarity is always your friend. Using your judgment and trusting your gut is the ultimate defense when online. Always play it safe!