The email looks suspicious but comes from a respectable source: it’s your IT guy asking you to log in to a website. Or your manager requesting that you “open the attached document.” It might be tempting to click on any of these emails. Don’t. These are examples of sophisticated phishing scams that can access sensitive data and leave your business compromised.
Phishing emails are disguised as coming from friends and exploit the human tendency to trust information from close sources. Spearphishing is even more sophisticated: the scams use insider email addresses and information (such as business vendors and invoices) to make the “request” seem legitimate. One in every 3,000 phishing emails is directed at small to medium-sized businesses with fewer than 250 employees.
Employee training can play a critical role in protecting businesses from phishing attacks. Every SMB should have a comprehensive plan in place in case data does get compromised. In addition, here are a few points that employees should remember:
Don’t ever share personal information over email
Even if it’s your boss asking you for credit card details or your bank account number, refrain from sharing these. Instead, check directly to see if the email did indeed originate from your boss.
Don’t click links embedded in emails
Look closely for typos. When possible, type in the web address of the site you want to visit instead of simply clicking the link in an email. Phishing attacks are often carried out through fake websites masquerading as real ones (for example, Peypal.com instead of Paypal.com).
Don’t open attachments you’re not expecting
File attachments are a hotbed of virus activity, so don’t click on any attachments unless you are expecting one from a known source.
Watch out for misspellings
“Dear Sir or Madam” should be a red flag alert that you’re at the receiving end of a phishing attack. Apart from such obvious indicators, egregious misspellings from reputed professionals should be a warning sign to not respond to the email.
Don’t execute wire transfers
It goes without saying that companies have legitimate processes for paying invoices. Responding to emails asking for money is definitely not one of them.
No matter the size of the business, all employees should be aware of what phishing scams might look like and report all incidents to an established IT solutions provider.
Contact CMIT Solutions to find out how you can recognize phishing attacks and secure your valuable data.