Best Practices to Recognize and Prevent Phishing
- Phishing is a common type of scam where the victim is enticed to share sensitive information that can lead to fraud.
- Phishing can be done via email, social media, text messaging, or any messaging app.
- Don’t send payments before verifying the request’s legitimacy.
- Rather than clicking on email links, go directly to a company’s website from a separate browser window.
- Be on the lookout for emails and social media messages from hijacked accounts that may appear from personal contacts.
- Share basic security protocols with all employees. Make sure they’re clear about how to secure their devices and about your data-sharing policies.
Phishing scams are becoming more common and can take many forms. According to Expert Insights, 80% of companies have seen an increase in email phishing attacks since March 2020. This article will explore phishing and how businesses can guard against it.
What is Phishing?
Hackers and scammers use a variety of methods to fool people online. What sets phishing apart is that it involves messages that purport to be from a trusted source. It may be a phishing scheme if you see an unusual message in your email or social media supposedly from a friend, colleague, or financial institution. The goal of a phishing scam may be to install malware or a virus on your computer, to convince you to make a payment, or to obtain confidential financial information such as bank details.
Types of Phishing
There are several types of phishing. These terms are all taken from actual fishing and describe different ways scammers can capture important data. Email phishing, the most common type, usually involves sending bulk emails and hoping some recipients will be fooled. These emails appear to come from reputable companies such as a bank, PayPal, or Amazon. One way to spot these emails is to look carefully at the recipient information and the email body. Phishing emails often contain spelling mistakes, unusual fonts, and random characters.
Other types of phishing, such as spear phishing and whaling, are more targeted. These messages are directed at a specific individual, such as an employee or officer in a company. Whale phishing targets high-ranking corporate officers such as the owner or CEO.
Avoid Social Media Phishing
Small Business Trends reports that phishing attacks are common on social media, with 71% of companies experiencing social media attacks in 2021. Because of its B2B focus, LinkedIn accounts for most of these attacks. It’s important to tell employees to be cautious when interacting on social media. Many attacks pretend to be from a contact.
Use common sense before sharing information with anyone you don’t know well. Spear phishing and whaling are longer and more involved scams. They are more like online versions of old-school cons. The scammers may research the target on social media and other sources. They may connect with you on LinkedIn or Facebook. This can make it easier to gain the target’s trust before getting them to reveal sensitive information. Don’t respond to direct messages from unknown senders. It’s safer to accept contact requests only from people with whom you share at least some common contacts.
Beware of Fake Invoices And Check Requests
In the informative video, North Carolina CPA Gives Advice On How To Protect From Phishing Scams, Kevin Bassett discusses the dangers of fake invoices and payment requests. He advises businesses to have a verification system where employees must check with someone in authority before sending payment.
A popular variation on this scam is a fake PayPal (or other payment processing) invoice. These invoices may look legitimate and appear to come from companies you work with. However, employees should be on the lookout for any irregularities, for example if the amount is unusual, if the invoice was sent at an unusual time, or if you’ve already paid the invoice. If an employee has doubts, he or she should ask a supervisor or owner. You can always call the company that allegedly sent the invoice for verification.
Have Clear Guidelines About Sharing Data
Ensure all employees know what they may share and with whom. Creating data classification categories such as public, internal, classified, or restricted is useful. A data classification policy won’t, by itself, prevent all phishing efforts. It will, however, clarify what kind of data employees should never share.
Be Careful About Clicking on Links
One of the most common ways hackers steal your data is by getting you to click on a link, whether it is sent in an email, social media post, or messaging app. Don’t click on anything or reply if you have doubts about a message. Rather, open a new browser page and bring up the company’s website.
Think Before Responding to “Urgent” Messages
Phishing scams are designed to get victims to react without thinking. They often do this by saying you need to take urgent action to avoid a serious problem. On the other hand, they may also create a sense of urgency to seize an amazing opportunity before it’s too late. In either case, you rarely have to respond to a message immediately. Whoever gets the message at least has time to check with a manager or owner, call the company, or log onto their website in a new window.
Simple Tips to Share With Employees
Keep these tips in mind and share them with your employees.
- Check a site’s security. Phishing can occur in messages and when you visit an insecure website. Never send payments or share sensitive information if a website’s URL doesn’t begin with HTTPS (rather than just HTTP). HTTPS only shows that the connection is encrypted, not that the site is legitimate, so also confirm that the domain is the one you expect. The Chrome browser gives you a warning when you land on an insecure site. However, it’s always best to visually check the URL.
- Avoid public Wi-Fi. Public Wi-Fi networks are not secure and are frequently targeted by hackers. Never conduct financial transactions or share personal information in public spaces such as coffee shops. If you or your employees work in public, it’s safer to use a mobile hotspot than public Wi-Fi. Another option is to use a virtual private network (VPN).
- Be careful of popups. Popups are another tool that can be used for phishing. Many of these popups have warning messages that your computer has been infected. Disregard popups and close them immediately.
- Protect devices using trusted antivirus and anti-malware software.
- All personal devices should be secure. This includes password protection and encryption for all data.
- Keep all devices, operating systems, and software up to date.
Phishing scams are likely to be around for a long time. The most you can do is be aware of them and do as much as possible to avoid them. Being alert and vigilant can prevent the vast majority of phishing attempts.