How to protect yourself from phishing attempts

 

IT threats are becoming more and more complex and creative. You have ransomware, major firms being hacked, and numerous types of scams. One of the fastest and most successful threats is the phishing scam. If you are not sure what phishing is or would like an example of phishing, click here.

Some of these suggestions are probably not very convenient for you; however, losing tens of thousands of dollars or your company’s reputation is also not very convenient. This issue is VERY REAL: thousands of businesses have been scammed and it CAN happen to you. Small businesses are losing half a billion dollars a year. Malicious users are becoming more clever. It is your choice.

1. Do Not Provide Usernames & Passwords to Anyone. When in question, Ask.

Malicious users will typically try to fish information from you, such as usernames and passwords, to gain access to your system. Typically they will ask you to put your account information in PDF forms, web forms or even as text in an email. There shouldn’t be any reason for anyone, such as vendors, clients, or bankers, to ask you for your password. Be sure to educate your employees, friends, and acquaintances, even the people you don’t like. It is not fun to be a fraud victim.

2. Use Two-Factor Authentication

It is next to impossible to always make sure that your employees are not providing passwords to unauthorized people. Institute Two-Factor Authentication to help protect your accounts in case someone does release password information or an account is hacked. Two-Factor Authentication is when a user is required to enter two forms of identity to access your accounts. For example: to get cash out of an ATM, you need your bank card and your PIN. Or if you log into your bank account on the web, you need to put in your password and a passcode that was sent to your cell phone.

If you are using Office 365 or Google for your emails, they have Two-Factor Authentication available. It is strongly advised to enable this feature on everyone’s account. This will prevent malicious users from accessing your email account without you knowing. This matters especially in today’s world, where you have personal and corporate documents, databases and emails tied to your Office 365 or Google accounts. The way it works is that when someone tries to log into your Office 365 account with your username and password, it will send you a text message with a passcode to complete the login. If that person does not have the second passcode, they can’t log in.

Again, it is strongly advised to set this up. If you need assistance in setting this up or want to learn more, contact us at 337.233.5010 or send an email to support@cbmtech.com.

3. Do not open emails or attachments that look suspicious.  When in question, Ask.

If an email or an attachment looks suspicious, do not open it; delete it. How to tell:

  • Look at the email address to verify it is correct - If you received an email from ABC Company, their domain is abccompany.com; if the email's domain is abcompany.com instead, it is spam.
  • Look at the content (in preview mode) - If the content or the way it was written is different than previous emails, it is probably spam. If you are not sure, contact your IT provider.
  • If it asks for personal information – Most legitimate people will not ask for personal information via email. If it is requesting personal information and you are not sure, contact your IT provider.
  • Look at the name of the attachment – If the name is suspicious, whether it is an Excel, Word, or PDF file, don’t open it. If you are not sure, contact your IT provider.

4. Do not depend on spam filters to stop ALL phishing attempts.  When in question, Ask.

Malicious users are becoming more clever and creative in their attempts. They will gain access to people’s email accounts and send emails from them. For scenarios like this, spam filters will not work. Spam filters are a great and necessary tool to HELP eliminate threats; they are designed to clear 95%-99% of phishing attempts, emails with bad attachments, spoofing and plain ole spam. However, spam filters are an automated system, and automated systems can be fooled. In the end, don’t assume that every email is good just because you have a spam filter.

5. Do not send funds based on information in an email.  When in question, Ask.

If you receive an email that asks you to send money via ACH or any other methods, DO NOT SEND the funds without verifying that they are who they say they are.  PICK UP THE PHONE AND CALL THE PERSON.  DO NOT use the number from the signature on the email, as it may have been changed by the malicious user.  Get the number from your contact list or an older email if you don’t have their number saved elsewhere.

6. Perform security awareness training with employees regularly.  When in question, Ask.

If you have company or management meetings, spend 5-10 minutes educating your employees each time. 

If you want to do more to train your employees, CBM Technology offers a service that runs phishing tests on members of the company. It works by sending a spoofed email to employees periodically throughout the year to see if they provide sensitive information. After the test run, we will provide senior management with a report of who failed the test so they can be further trained before an incident actually occurs.

If you have any questions, please send an email to blake@cbmtech.com.