Phishing schemes are an increasingly common online threat, and the sophistication of the attacks continues to grow.
Phishing generally refers to online attempts by malicious scammers to trick unsuspecting targets into giving up sensitive or valuable information.
Scammers sometimes try to dupe customers of companies by sending Internet users fake pop-up messages that say, for example:
The reader is then advised to call an 800 number for help. If the customer calls, the scam is on.
SDN customers are among those who have been targeted for such schemes. SDN, like many legitimate companies, does not communicate with its customers through pop-up messages.
Be wary, too, of fake websites that might be created as a part of phishing scams. Legitimate corporate websites are sometimes cloned to add authenticity to attacks and even generate false messages.
Here are seven suggested best practices to help protect yourself and your customers from malicious phishing scams:
- Keep your computer and security software updated and scan regularly for spyware and viruses.
- Always maintain situational awareness.
- Never respond to questionable emails that request personal information.
- Don’t click on links in suspicious emails.
- Visit websites by typing the known URL into the address bar rather than by clicking a link.
- Before entering sensitive financial information, check to make sure the site is secure. The URL should begin with “https” instead of “http.”
- Regularly monitor your bank accounts and report any suspicious activity.
- Report suspicious online activities to the appropriate Internet service provider or affected company.
- Contact your IT department if you suspect you’ve compromised information so they can respond quickly to any threat.
Train, test and retrain
Perhaps even more so than corporate executives, scammers know that the easiest and quickest way to access valuable electronic information is with the unwitting help of an inside employee.
The vast majority of security breaches are the result of human error, not the mechanical failure of security hardware or software. That reality helps explain why phishing has become so common.
Attacks on business networks typically succeed when someone within an organization is enticed into clicking a bad link, opening a contaminated email, visiting an infected website or otherwise helping to introduce a questionable application to a corporate system.
Phishing attacks can come by phone or even in person, but online methods such as tainted emails are especially popular because of their relative ease.
To keep business data safe, all employees – everyone from cleaning staffers to top executives – should be trained, tested and retrained on an ongoing basis about phishing and similar threats.
- Be suspicious of email attachments.
- Look for spelling errors and other sloppy mistakes that a harried hacker might make.
- Any online communication that seeks personal or sensitive information should be viewed suspiciously.
SDN also points out that communications that urge rapid action should be viewed with suspicion. Take time to think and verify that companies and links are legitimate.
Take special care to inspect the source address of any incoming suspicious messages. It might resemble the address of a familiar company, but is that really the company’s address? Check it out independently.
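One way to automate the source-address check described above, as an added example that is not SDN's own code: it compares the sender's domain against a short list of domains you already trust and flags near misses. The allowlist, function names and sample addresses are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allowlist; these stand in for companies you actually deal with.
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, domain); verdict is trusted, lookalike, unknown or malformed."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("malformed", "")
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Non-ASCII or punycode labels can hide characters that imitate Latin letters.
    if not domain.isascii() or "xn--" in domain:
        return ("lookalike", domain)
    # Exact match or a subdomain of a trusted domain.
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return ("trusted", domain)
    for t in trusted:
        # Near miss (one or two edits), or the trusted name buried in another domain.
        if edit_distance(domain, t) <= 2 or t.split(".")[0] in domain:
            return ("lookalike", domain)
    return ("unknown", domain)

if __name__ == "__main__":
    # Constructed From headers, not taken from real messages.
    samples = [
        '"Example Support" <help@example.com>',
        '"Example Support" <help@examp1e.com>',
        "billing@example.com.account-verify.net",
        "news@unrelated.org",
    ]
    for header in samples:
        print(classify_sender(header), header)
```

A "trusted" verdict only means the domain is spelled correctly; the From header itself can be forged, so independent verification still applies.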
SDN is among the companies that occasionally test employees by, for example, sending out fake emails. Security staffers then monitor who responds, not to shame the employees but to help teach them how to avoid risks.
Training employees once isn’t enough, either. To maintain an effective defense, training related to network safety must be updated regularly to keep up with the changing cyber threats.
Always be cautious. Don’t get hooked in a phishing scheme.
Editorial Note: Blog updated since first posted