People are usually confident that they won’t fall prey to a phishing attack, so it comes as a big surprise when they inadvertently fall for a cybercriminal’s scheme. The Canadian government reports that around 800,000 phishing emails succeed in convincing a recipient to click a link – every day. 10% of those people end up sharing their personal information. That’s why you and your employees need to follow the best practices outlined by your cyber security service provider.
What is Phishing?
Phishing is a type of socially engineered attack. Criminals use a fabricated text message, email or website to deceive the recipient into sharing confidential information. These messages look like they originated from well-known businesses, banks, insurance companies and government agencies.
An example of this would be someone imitating an email from Microsoft Office 365. The victim is led to believe that they must share financial information or ‘reset the password’, or else the account will be suspended. The link directs the victim to a fake website which mimics Microsoft’s page and cheats them out of confidential information.
It is possible that your manager or a colleague inadvertently forwards you a spam email. That’s why it’s so important to have a vulnerability management program in place.
Tips for Protecting Yourself and Your Organization from a Phishing Scam
Be vigilant – Legitimate businesses and companies will not ask for information such as payment details and login credentials over email or over the phone. If you receive such a request, do not share any information until you have verified the request directly.
Beware of ‘From’ fields – The ‘From’ email header can be forged to make it seem as though the message was sent by a colleague or a legitimate business. It’s one of the most convincing tactics, and it lowers people’s guard. A vulnerability management program is essential to train employees.
Imitating domains – Most people don’t look carefully at the email address of the sender. However, deliberately misspelt domains catch many out. An example of that is an email from ‘firstname.lastname@example.org’. Without firewalls properly configured by your cyber security service provider, such emails will fill your employees’ inboxes.
Don’t open attachments – Email attachments and downloads from unknown websites can contain malicious software that can compromise the security of the computer and the company’s network. Remember, not downloading an attachment you are not sure about is much safer than risking a download.
Beware of ‘Unsubscribe’ – A phisher doesn’t care if you unsubscribe from his or her emails. That’s why the ‘Unsubscribe’ button is linked to a malicious website or software download. If the email looks like spam, just mark it as junk in your email program or delete it. Never click anything within the email!
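The ‘From’ field and imitating-domain tips above can be partly automated at the mail gateway or in a triage script. The following is an added example, not code from the original article: it flags a sender domain that nearly matches a trusted one, a trusted brand in the display name on an untrusted address, and a ‘Reply-To’ that differs from the ‘From’ domain. The trusted-domain list, the similarity threshold and both sample messages are constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumption: a list of domains your organization actually deals with.
TRUSTED = {"contoso.example", "fabrikam-bank.example"}  # constructed sample values

def is_trusted(domain):
    """True for a trusted domain or any of its subdomains."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED)

def lookalike_of(domain, threshold=0.85):
    """Return the trusted domain that `domain` imitates, or None."""
    if not domain or is_trusted(domain):
        return None
    for t in sorted(TRUSTED):
        if difflib.SequenceMatcher(None, domain, t).ratio() >= threshold:
            return t
    return None

def check_headers(raw_message):
    """Return a list of warnings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    warnings = []
    near = lookalike_of(from_dom)
    if near:
        warnings.append(f"lookalike: {from_dom} imitates {near}")
    brands = {t.split(".")[0] for t in TRUSTED}
    if not is_trusted(from_dom) and any(b in display.lower() for b in brands):
        warnings.append(f"display name uses a trusted brand but address is at {from_dom}")
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"reply-to mismatch: replies go to {reply_dom}")
    return warnings

# Constructed sample messages (not real mail).
PHISH = (
    'From: "Contoso Account Team" <security@cont0so.example>\n'
    "Reply-To: helpdesk@mail-verify.example\n"
    "Subject: Reset your password or your account will be suspended\n\n"
    "Click the link below.\n"
)
LEGIT = 'From: "Contoso IT" <it@mail.contoso.example>\nSubject: Maintenance window\n\nNo action needed.\n'

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, check_headers(raw) or "no warnings")
```

These checks only catch misspelt or mismatched senders; a message that forges an exact trusted domain in the ‘From’ header has to be caught by the receiving server’s SPF, DKIM and DMARC evaluation.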
About 10% of Canadian businesses have reported that they lost revenue as a result of cyber attacks.
Dealing with a Phishing Attempt
If you or an employee at your organization has received a phishing email, bring it to the attention of your IT consulting firm immediately. They can investigate it further and add the sender to the list of blocked senders or known spammers.
- Most large businesses, such as Microsoft, operate a dedicated channel for receiving phishing emails and communication that mimics their brand. Carefully forward the phishing message you have received (without opening it) to that channel.
- Inform your manager or supervisor about the attack and whether any information was shared. Complete disclosure at this stage is important as it can limit the effect of the attack.
- Contact your vulnerability management program manager to bring it to their attention so they can protect the company from similar attacks in the future.
Kitchener’s Trusted Cyber Security Services Provider
EMKAL is one of the most trusted IT consulting firms in Kitchener. Small, mid-size and large businesses trust us to manage their firewalls and keep their employees safe from socially engineered cyberattacks. It’s why employee training is such an integral part of our cyber security apparatus. Speak to a representative about keeping your organization safe from phishing attacks.