Phishing Scams – 5 Best Practices to Keep your Company Safe
Don't Let Scammers Bypass your Security
Before we go into our Best Practices, let’s define “Phishing” so we are all on the same page. “Phishing is defined as the illegal attempt to acquire sensitive information such as usernames, passwords, and credit card details (and occasionally, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication (usually through email).”
Best Practices to Avoid Phishing Scams
Now let’s get to the fun stuff: what can you and your end users do to prevent pesky phishing scams? The same practices will also aid in the prevention of malware, spyware, ransomware (think Cryptolocker), and other malicious software.
#1 – Be Cautious with Suspicious Emails & Unknown Senders
Luckily for us, if we arm ourselves with the proper training to spot phishing scams, we can begin to see right through the majority of threats. Most scammers play a numbers game, and many of the signs are quite obvious once you know to look for them!
Be Extra Cautious if you spot these RED FLAGS:
- The email/message comes from an unrecognized sender.
- The sender asks you to confirm personal or financial information over the internet and/or makes urgent requests for the information.
- The email is not personalized (and is asking for info or contains attachments).
- The message tries to elicit an emotional response by threatening you with frightening consequences to get you to respond quickly.
#2 – Links & Attachments
Once again, if you receive an email from an unrecognized sender you should refer to the first ‘best practice’. With that said, follow these guidelines if you receive an unexpected message with links or attachments:
- Always check website addresses before clicking a link.
- Always know what links you are clicking and where they lead.
- Attachments: do not click links, download files, or open attachments from unknown senders. These often contain viruses, phishing attacks, malware, or even ransomware, and recovering your data can cost a pretty penny.
#3 – Entering Personal Information
Phishers are looking to gather your information with as little interaction as possible, and often are able to make their email appear like a message you would receive from a legitimate business that you work with – so what do you do to ensure you don’t give away personal information?
- As a rule, do not input personal information unless you are absolutely sure of the website. Communicate personal information only via phone or secure web sites.
- If you did not initiate the phone call, do not divulge personal information. Call the company back and ensure it is legitimate.
- Pop-up screens should send up red flags everywhere. Never input personal information into a pop-up screen (unless it is through a website you are 100% certain is secure – look for the https:// at the beginning of the URL).
#4 – Computer Protection Software
If you have not done so already, ensure that all your computers (personal or business) are protected with an Anti-Virus program that includes malware, adware, ransomware, and other malicious software protection. If you are uncertain as to which one to purchase, Fuse recommends Vipre (give us a call and we can help obtain the best pricing possible).
#5 – Online Accounts & Bank Statement Monitoring
If you’re lucky enough to never have gone through identity theft, then we want to ensure it stays that way. If you have been a victim in the past, then you know all too well how much of a headache and hassle the situation can swiftly become. As a proactive measure, monitor your bank accounts for fraudulent activity, as well as any important accounts that you hold online (vendors, loans, and any other account with personal information). Additionally, for any online account that has your personal or business information, ensure that you create a strong password. It’s also never a bad idea to continuously change these passwords. If you’d like an easy way to set up bank account alerts, most banks have mobile applications and settings to alert you of suspicious activity. Personally, I use a Mint account, which allows me to keep close tabs on all of my accounts, all the time.