Have you ever clicked on an email that seemed legitimate, but wasn’t?
One-third of all cybersecurity breaches involve phishing; a common type of cyber-attack that you and your team should learn about in order to protect your organization.
What is Phishing
Phishing is a type of social engineering cybercrime in which an attacker poses as a legitimate institution in email or text messages. Attackers lure individuals into providing sensitive information or data through malicious links or attachments that install malware. This information is later used to access important accounts and can result in identity theft or financial loss.
Sometimes attackers are satisfied with personal data and credit card information. But commonly, phishing is used to gain access to sensitive data in corporate or public sector networks. Everyone should be aware of these attempts and learn to protect themselves from phishing attacks.
How to spot phishing attacks
To fight phishing scams, employees need to be aware of the threats, such as the possibility of bogus emails landing in their inbox.
Our cybersecurity experts suggest you look for these six signs to assess if an email is illegitimate:
- Check the email address of the message
- Assess unfamiliar tones or greetings
- Look for threats or a sense of urgency
- Be weary of unusual requests such as “Can you buy me this Amazon gift card?”.
- Keep an eye out for consistent grammar and spelling errors
- Avoid suspicious file types (.zip, .exe, .htm, .iso, etc)
If you are still unsure, don’t visit the links implanted in the email. Instead, take the long way! For example, if the email suggests Netflix wants you to reset your password, rather than clicking the link in the email, open a new tab and reset your password directly from the legitimate website.
What to do if you think your network has been breached
Phishing scams are becoming more sophisticated and it’s getting harder to spot threats, so it’s not uncommon for you or an employee to fall for one.
Typically, your cybersecurity system will protect your important data, but a small misconfiguration on your firewalls or routers can unknowingly grant cyber criminals access to your systems or network.
Here are some tips for you if you think your network has been breached:
- Contact your IT team. If your business has a proactive threat detection and response program, likely they have already detected the breach and can react accordingly to protect any sensitive data.
- Change your passwords. Take the time to change your login credentials to ensure the assailant cannot inflict further damage.
- Whether you downloaded an attachment or clicked on a link, it’s a good idea to scan your computer for viruses and malware. If your company utilizes a Managed SIEM program the gap between compromise and detection is minimized substantially. This can reduce attacker dwell time and mitigate the potential impact of malware installed from the link.
- Watch for warning signs of identity theft. Keep a close eye on your bank and company credit card statements. Look for any withdrawals or purchases that you haven’t authorized.
- Proceed with caution. Keep an eye on anything the attacker might’ve accessed during their short-lived attack.
The best way to protect your data from phishing attacks is prevention.
Given the time, money and hassle involved in recovering from a phishing scheme the best way to avoid becoming a victim of an attack is awareness and caution.
Difenda’s penetration testing and vulnerability assessment can assess your network’s weaknesses. Our cybersecurity experts will assess the security hygiene of your perimeter devices, servers, applications, and encryption technology. We can target anything that is accessible from the internet for potential security vulnerabilities. That way, if a breach happens, cybercriminals can’t get access to the targeted data.
You can also minimize risk by arming your team with the tools to spot and avoid phishing emails. Security awareness training is one of the best ways to protect your business. With 64% of organizations experiencing a phishing attack in the past year, it pays to fortify your team with increased awareness and proceed with due diligence.
If all else fails, and your business is compromised, Difenda’s Remote Incident Response team can help!
If you think you are experiencing a breach contact our team now.