Three Tricks to Spot Phishing Attempts
Cybersecurity needs to be a priority to any business that wants to continue their operations in the long-term. The most common threat is phishing, which accounts for 90% of data breaches, according to one recent report.
In 2018, there was an increase in the prevalence of phishing attacks by 269 percent when compared to their prevalence in 2017. In addition, a full 32 percent of reported data breaches that year featured phishing to some extent. United States businesses may have had cause for the most concern, as nearly 86 percent of phishing attacks targeted American companies.
NCSAM’s Phishing-Heavy Theme: “Own IT. Secure IT. Protect IT.”
With National Cybersecurity Awareness Month well underway, it’s high time to pay attention to some of its lessons. These lessons effectively boil down to pretty basic practices that any user should cultivate into habits. Naturally, this includes some anti-phishing tactics.
Remember, you also have a knowledgeable resource to lean on for advice – we’re always available to assist you and your team. In the meantime, try implementing these best practices in your processes now to avoid phishing:
Don’t trust surprise messages
One of the first things to consider is whether you were expecting that email in your inbox. Oftentimes, an unexpected message can be hiding a phishing attack. Let’s say you suddenly get an email that says that it’s from Amazon, claiming that your account needs to have its payment credentials verified after some suspicious purchases were made. Stop and consider some other facts before you react… have you received something like a receipt in your inbox for something that you didn’t order, or an anticipated delivery date? Any emails can – and should – be examined in this way to ensure that you aren’t walking into a threat. It’s generally a good idea to reach out to the alleged sender through a different form of communication for confirmation.
Make sure the details match up
When we get an email, it’s pretty typical that we only take a quick glance at who sent it without giving it a second thought. If a cybercriminal is worth their salt, they would have used a fake email that isn’t quite perfect, but passes the “quick glance” test. For instance, would you sooner click on an email from “email@example.com,” or one from “firstname.lastname@example.org?”
The right answer is “neither,” as in “neither A-C-L-M-I-N or G-R-N-A-I-L actually say what they appear to say at first.” Therefore, they are most likely traps.
Don’t trust unexpected links or attachments, either
You need to be prepared before you open even a message. Some links and attachments contain malware, or automatically direct you to a website that will begin installing the malware. Some are especially tricky, asking the user to confirm the download, but completing the installation regardless of what they pick. Again, unless you expected an attachment or a link, think twice before just clicking through. It doesn’t hurt to confirm its legitimacy through another means, either.
Sure, October is National Cybersecurity Awareness Month, but hackers and cybercriminals don’t go into hibernation for the rest of the year. You should be sure that you’re just as secure for every one of the other 264 days as well. Ashton Technology Solutions can help – reach out to us at 216 397-4080 to learn more.