Phishing - Would you fall for it?

Friday, March 17, 2017/Categories: Identity Theft, Small Business, Workplace Communication

Many of us think that we could easily spot a phishing attempt. Phishing is the practice of sending out emails purporting to be from a reputable company in order to induce an individual to divulge usernames and passwords, credit card or bank details, or other personal information. Most of us have seen that urgent request from a foreign noble who just needs access to your bank account so he can transfer his fortune to you. But what if you got an email that looked like it came from your HR department, asking you to activate your new webmail account by clicking a link and providing your username and password?

ZDNet recently published results from security firm MWR Infosecurity which you can find at this link:

http://www.zdnet.com/article/phishing-would-you-fall-for-one-of-these-scam-emails/

Users were found to be far more likely to click through a request that appeared to be from an HR department or a social media friend request than most other forms of attack. Nearly 25% of users clicked through a social media connection request, and more than half of those users provided a username and password. Nearly 20% clicked through if the request looked like it came from HR. Many of those downloaded a file after providing credentials.

So how can you protect yourself or your organization from phishing attempts?

1. Training. Users need to be trained to work through a set of checks to decide whether an email looks suspicious. Look at the From address - is it from a domain you usually work with? Is it slightly misspelled? Look for branding mistakes or typos. If you are not sure, report the email to your IT helpdesk or outsourced provider, and they can check whether it is legitimate before you click on any links in the message.

2. Implement best-in-class security on your network. Email services should be set up to block phishing attempts and filter spam. Make sure your firewall scans all network traffic for malware and viruses, and blocks access to disreputable web sites. If your current router or firewall does not handle this, upgrade to a device that can. Ensure that your desktop security/antivirus software has ID protection capability.

3. As a last line of defense, make sure you can recover from any phishing attempt. Keep data backups in a secure location, preferably both locally and in the cloud. Invest in identity protection coverage so that if personal details are compromised, you are able to recover with minimal loss of time and finances.
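The From-address check in step 1 can also be automated at the helpdesk or mail gateway. The following is an added example, not code from the original post: it flags sender domains that are a character or two away from a domain you normally work with, or that use a trusted name as a prefix. The allowlist, function names and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allowlist (assumption): domains this organization normally hears from.
TRUSTED_DOMAINS = {"example.com", "payroll-example.com"}


def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike:<domain>', 'unknown' or 'malformed'."""
    _display_name, address = parseaddr(from_header)
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if "@" not in address or not domain:
        return "malformed"
    # Exact match, or a genuine subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    # Trusted name used as a leading label: example.com.account-verify.test
    for t in sorted(trusted):
        if domain.startswith(t + "."):
            return "lookalike:" + t
    # Near miss: within max_distance edits of a trusted domain.
    distance, closest = min((edit_distance(domain, t), t) for t in trusted)
    if distance <= max_distance:
        return "lookalike:" + closest
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ["HR Department <hr@example.com>",
                   "HR Department <hr@examp1e.com>",
                   "HR <hr@example.com.account-verify.test>",
                   "news@unrelated.org"]:
        print(f"{classify_sender(header):24} {header}")
```

A "trusted" result only means the domain is spelled correctly; the From header itself can be forged, so this check complements the mail filtering in step 2 rather than replacing it.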

Harmony Technology Solutions can help you implement all three of these items. Schedule an employee training in which we will go over what the signs of phishing attempts are and how to avoid and report them. We will evaluate your network security and set up the necessary hardware and services to keep as much phishing mail as possible from reaching your desktop or mobile device. Finally, we make sure your data is secured by both local and cloud backups, using technology partners such as Datto. We can also provide ID theft monitoring and restoration services from LegalShield, either individually or on a group basis for employees.