From emails to popup ads to websites, phishing scams are sophisticated and come in many different forms. They are bombarding everyone from everywhere – on desktops, smartphones, tablets, and other devices. They are one of the most common security challenges that businesses face in keeping their information secure.
Cybercriminals are devious in using phishing scams to get sensitive information. Even when a business is proactive about its internet security, all it takes is one employee falling victim. To protect valuable data, businesses need to regularly train employees on how to avoid phishing scams.
10 Tips for Avoiding Phishing Scams
- Watch out for email spam. Learn how to identify suspicious emails by looking at who sent it. Cybercriminals will send an email under a name that the employees will recognize and design the email to look the same as the company they pose as. But it is fake. Spelling errors and strange grammar mistakes can be an alert to phishing scams. Banks don’t send emails with links asking for information. And legitimate companies don’t send spam advertisements.
- Check the source of incoming emails. One of the easiest ways to test an email is by hovering your mouse over the sender’s name to determine the email address of origin. You can also review the link destinations without clicking on them by hovering the mouse over the link to determine the web address, or URL, that is being referred to. Hovering over a link will show you where the link is redirecting you on the World Wide Web. Scammers might list the URL in the email but then have the link directed to another address. They also might link from a phrase, title or button that is easy to click on. If it is not a recognizable email address or URL, beware!
- Don’t click directly on links. Some of these fake websites are so well done that it’s nearly impossible to tell them apart unless you look at the URL. But even the URLs can be deceiving because they use extensions to impersonate the company. If you are expecting an email, you are more likely to unknowingly click on the link. Don’t. Instead, verify the correct URL (don’t copy it from the email) and type it directly into your browser.
- Never enter information on pop-up screens. Cybercriminals are using pop-up screens on popular websites that deceive you into thinking they come directly from the site. But a legitimate company will never ask for information on a pop-up screen. They will bring you to a secure page to get information. Make sure you are on a page that has a lock icon in the address bar. The lock only shows that the connection is encrypted, so check the web address as well.
- Never provide personal and confidential information. Many companies have policies about what information they ask for and how they obtain that information. Learn the policies. It is highly unlikely that a legitimate company will ask for sensitive information in an email or through a link.
- Think twice before entering information. Some information is best not sent via email or by completing an online form. If you have any doubts, don’t risk it. The best way to prevent phishing is to consistently reject any email or news that asks you to provide confidential data.
- Don’t download from unreliable sites or unknown senders. Today’s browsers have built-in security that may give you a warning message stating a certain website contains malicious files. Do not download. Download files only when you are certain what you are downloading and know you are on a legitimate site. Also, do not click on links to download files or open attachments from unknown senders.
- Beware of new phone scams. Sophisticated techniques include pop-up windows that give a warning of a virus or malware and ask you to call a number immediately. But the number goes to a fake call center that asks for information and may even convince you to provide remote access to your computer. Be very cautious of phone scams tied to pop-ups. Do not divulge sensitive information over the phone unless you are certain who you are talking to.
- Phishing knows all languages. Cybercriminals are finding out all they can about their victims and will send scams in another language that you speak. If you don’t typically go to the Spanish site for your bank or other website, you would have no reason to get an email in that language. Delete it.
- Use common sense and good judgement. Cybercriminals are always changing their techniques to be more devious in getting sensitive information. One of the latest techniques to hit the news is a fake message that went to employees via email. The message appeared to be sent from the CEO and asked for W-2 information. It was well-timed but not consistent with company policy and not from the CEO’s email address.
Understanding how to avoid phishing scams is critical for protecting you and your company. You should always have the most current updates for your operating system and web browsers on your device, and protect your device with a firewall, anti-malware, anti-spyware, and anti-virus software. Boost IT can assist you in maintaining the proper security. Call us for more information at 404-865-1289.