Phishing and Spear Phishing: Most Common Scam Today

Phishing is simply an attempt to steal personal information by using fraudulent messages. According to the FBI, there were close to 800,000 internet crime complaints filed in 2020, and approximately a quarter of a million were phishing victims. This number does not include phishing attempts that were not reported to the FBI in the U.S. or around the world, making the actual number most likely orders of magnitude higher.

No matter how you look at it, phishing is a major problem in the world today and perhaps the most common internet scam currently out there. It can be extremely detrimental to your reputation, and that damage is often not quantifiable. Imagine one of your employees falls victim to a phishing attack, and their email address is hijacked and used to send phishing attempts to all your customers or clients. How do you recover and regain trust? What future business was lost?

To truly appreciate the danger of phishing for the individual, take a minute to look at what information a scammer could learn about you if they gained access to your email account. If they have your email account password and the same password is used elsewhere, what else can a scammer access?

  • Do you bank online? Chances are your bank has sent you an email at some point; this could point a criminal to your bank account. If you use the same login credentials for your bank as your email, a criminal can now see your account information.
  • Do you pay your utility bills online? The confirmation emails could give a criminal access to your address and/or phone number, which can be sold on the dark web.

What is phishing?

The most basic form of phishing is attempting to collect login information. The scammer can do this by simply gaining access to someone’s email account and sending an email to everyone in that person’s contact list. That email will contain a fake file attachment or a link to a fake website, often posing as a well-known company like Amazon or Microsoft, that asks the recipient to enter their login information. Once someone enters their login information, the criminal will repeat the scam with the newly collected email addresses and passwords.

Once the login info has been collected, the scammer can sell that information on the dark web or use it to gain access to your bank account, credit card or other personal information.

What is spear phishing?

Spear phishing is a targeted phishing attack. Criminals will extensively research a particular person or company to make their scams more effective. Since the messages appear to be legitimate, the attack is more likely to work. This type of phishing attack is often very hard (but not impossible) to defend against.

How can you protect yourself?

Security awareness training. Security awareness training will help arm your employees with the knowledge of how to keep their data safe and not fall victim to an online attack.

Multiple levels of security. It’s very important to understand that it is almost impossible to stop all attacks. But it is also important to make it as hard as possible for criminals to gain access. That’s why data security needs to consist of many levels, from what’s coming in to what’s going out; every interaction and piece of data must be secured. Email security can help stop phishing attempts from arriving in your inbox or being sent out if you find yourself a victim. URL filtering and antivirus software can help block potentially malicious links, websites, and files before they can do major damage. It’s important to find a solution that works best for your company because doing nothing could be detrimental to your business.

Use different passwords for each website. Criminals will often assume that most people use the same password for most (if not all) websites. More often than not they are correct, and individuals have left themselves vulnerable to attack. Criminals try to exploit this vulnerability, so it’s important to use a strong password and use it only once.

To save having to remember all those passwords, try using a dedicated password manager that will suggest strong passwords and store them, allowing you to access your passwords in a secure location other than your browser.

Use two-factor authentication. This is perhaps the most important practice to stop any potential data breach. It is very important to always use two-factor authentication. That one extra step in confirming your login could mean the difference between a criminal accessing your information or not. Often, two-factor authentication uses your cell phone to either call your number or send a text message. Since you are the only person with access to your phone number, you’ll be able to confirm a valid login attempt or take corrective action if an attempt is not valid. If a criminal does get your password, you will be notified when they try to log in. Without confirmation, they will not be able to access your account. You will then know your password has been compromised and can change it immediately.

If you even suspect you may have fallen victim to a phishing attempt, change your password immediately. It’s also a best practice to change your important passwords regularly, especially for your email.

Phishing attempts and other suspicious emails or text messages can be reported to the FTC.

Contact tca SynerTech today for more ways to improve your email security. We have nearly 25 years of experience protecting people and businesses from attacks like these.