Phishing: Still A Concern

Jul 10, 2015 | Email, General Interest, Security

Businesses often don’t realize how vulnerable their confidential data is until it’s exposed by a hack. By now, many are aware of external threats to data security and (hopefully) prepare accordingly, but breaches can still occur—despite taking the necessary security precautions. And with phishing, threats don’t need to sneak in the back door; sometimes they walk right through the front.

The Ins and Outs

Phishing is the act of posing as a familiar, trustworthy entity in electronic communications and using that familiarity and trust to get recipients to release confidential information, such as passwords and bank account numbers.

While it’s difficult to pinpoint the exact origin of phishing, variations of the tactic existed as far back as 1995, when a program allowed attackers to pose as AOL company representatives and steal AOL users’ credit card numbers. A recent HP study found that nearly 70 percent of IT professionals experience weekly phishing attacks.

All it takes is one employee clicking on a nefarious email link, and your business is at risk. Just ask data security firm RSA, which fell victim to a major security breach in 2011. An employee opened an email thought to contain a spreadsheet of staff salaries, when in fact the email contained malware that gained access to, and exposed, some of the company’s confidential data.

The Dos and Don’ts

While it’s easy to advise that common sense is the best way to avoid phishing scams, that’s not always the case. Some of these emails are so clearly fraudulent it’s almost comical, but even the most cautious employees can be tricked by the authentic-looking scams. So, what are the things to look for when trying to identify a potential phishing email?

- Unusual sender address: Many times, the address will appear legit at first glance, but if you look closely you’ll often notice some slight discrepancies (for example, “name@h-p.com” instead of “name@hp.com”).
- Unusual URL: Similarly, if something seems off about the website URL they want you to click on, it probably is. Even if the link is disguised as a hyperlink, you can still hover over it before clicking to see the full address.
- Lacks personalization: If an email is telling you that your account has been compromised, or that you need to verify your password (all common phishing tactics), you would expect to see some personal information included (for example: name, account number, address). Since phishing attacks are sent out to millions of people, it’s rare that they actually contain this correct information.
- Misspellings: This is often the quickest way to identify a possible attack. The more misspellings, the more likely the email isn’t what it claims to be.
- Urgent action: “Please click this link/fill out this form immediately.” If it was really that urgent, someone would have called you.
- When in doubt: Don’t download any pictures. Don’t click on any attachments. Don’t click on any links. Don’t reply to the message. Don’t call any number listed on the email.
- The “What now?”: It happens. Maybe you weren’t paying attention. Maybe the email was so convincing you had no reason to doubt its authenticity. So you clicked on the link and… oops. If this happens, there isn’t much time to feel sorry for yourself.

The first thing you should do is change the password for the legitimate site you thought you were visiting. Doing this ensures that the hacker who now has access to your old password won’t be able to access your account. If you’ve shared personal information like a bank account number, contact that institution immediately and let them know. They’ll be able to monitor your account and alert you of any unusual activity. To help prevent this from happening again, many browsers have a “report unsafe website” feature, and Outlook’s “junk” feature can help identify future threats.

Even taking all of these steps is no guarantee that you won’t fall victim to a phishing scam. As threats evolve, so too should your methods of prevention. HP Security Research (HPSR) can help your business stay current on today’s threats by providing a broad, independent, and deeply technical view into the security landscape that is unparalleled in the industry. With strong cyber security, malware, and vulnerability research capabilities, HPSR is a proven and respected partner for organizations worldwide.

If companies as large as Target and Sony can fall victim to data attacks, so might your business. By keeping current on threat trends, and establishing a security protocol for your employees, you’ll already be one step ahead of phishing attacks.
