Hearing the word “fishing” will leave you thinking of a relaxing, lazy day floating on a river without a care in the world.
But being lazy when it comes to “phishing” – spelled with a ph – could leave you and your company’s IT systems vulnerable to a cyber attack.
In late summer of 2017, the U.S. government put out a warning in the wake of Hurricane Harvey. Senders were shooting off emails seeking donations to the victims of Hurricane Harvey.
The only problem? The links in the emails didn’t lead to actual donation sites. They were a commonly perpetrated trick known as a “phishing scam.”
In this post, we’ll look at what phishing scams are, how you can spot them and what to do when you fall victim to one.
Phishing Scams: What Are They?
A phishing scam is a form of social engineering attack. It is an email with a link to a malicious website that appears legitimate and requests the recipient to either click a link or provide personally identifiable information.
This can lead to serious consequences for you or your business. For example, take one specific type of phishing known as a ransomware attack. In 2016 a California hospital fell victim to one of these types of attacks. It led to the cyber attackers freezing the hospital’s IT systems and demanding a hefty payment in return for their freedom, essentially holding the facility hostage.
How to Tell an Email is a Phishing Scam
There are multiple signs that can alert you to an email being a phishing scam. Here are some common traits to look out for:
- The email doesn’t appear professional with multiple grammar and spelling errors.
- It does not address you by your first or last name.
- The sender’s address includes the name of a trusted company or internet provider you may use or be familiar with.
- It could attempt to prey on the good nature of the recipient, requesting donations for disaster relief or a medical issue.
- It will almost always contain some sort of message beckoning you to click a link.
What To Do Once It Happens
Let’s say you’ve found yourself in the unenviable position of having fallen prey to a phishing scam. Perhaps it was an especially convincing email or mirrored the email address of an organization with whom you’re familiar. Below are some tips on how to respond once you’ve opened that email or clicked on one of its links:
- Stay Vigilant! The best offense is a good defense. Be vigilant when checking your email. The most effective form of treatment is prevention before an attack occurs.
- Contact your network administrators. They are your first line of defense against any possible malware or other malicious cyber attacks. They may be able to help mitigate the impact of the damage with more technical expertise than you possess. They can also monitor your systems to ensure or handle further breaches.
- Change your password(s). There’s no way to tell how much information the scammers may have. The safest measure to take is to change any password stored on the computer you used at the time of the attack.
- Contact Your Bank. If you have vital passwords or your social security information stored on your computer, the scammers may be able to hack into your finances. Check with your bank to make sure there hasn’t been any fraudulent activity with regards to your checking and/or savings accounts.
- Check Your Credit Score. This one applies if you’ve used the affected PC or laptop to perform any financial transactions or otherwise share personally identifiable information. To ensure the scammers did not use any of your information to open fraudulent credit card accounts, you may want to consider checking your credit score using a verified site such as Credit Karma.
- Patch All Your IT Systems. Make sure your antivirus software is 100% up to date. Run a scan on your computer or laptop to avoid any corruption of your operating systems. If your systems aren’t currently patched, they should be. Failing to do so represents a massive IT security vulnerability.
Remember: be careful when opening any email and even more vigilant when clicking any links contained within an email. Failure to do so could potentially cost your company lots of money and time spent fixing the issue.
For more guidance on best practices for better IT security and other technical issues, contact us today!