What is phishing?
By now, you have probably heard the term Phish. We all get spam emails; that is nothing new. Phishing, however, is spam sent with the intent of getting you to give up information or introduce a virus into your system. Phishers will go after anyone, but they usually like to target CEOs, CFOs, legal firms, human resources, and financial institutions.
In recent years social media and online retailers have seen an increase in attacks. These groups have client data and sensitive information that attackers seek, and they need to be on high alert to protect themselves and their customers from phishing scams.
These phishing messages can be incredibly persuasive, so here are a few quick tips to avoid getting caught by one:
The email has a sense of urgency.
Statements that sound like threats to cancel your accounts, forfeit your retirement, or, my favorite, cancel your Social Security Number are almost always a red flag.
Spot that typo.
While not always a red flag, any email that just doesn't sound right or doesn't make good sense should be suspect.
Don't click on that link.
You should always be cautious about clicking on any link in an email, even if you know the sender. In a legitimate email, it should be easy to tell where a link goes. First, hover over the link to see if the destination is the correct one. However, some phishing attacks are relatively sophisticated. The phishing destination URL can look like a good duplicate of the genuine site, set up to record keystrokes or steal login/credit card information. If in doubt, try going straight to the site through a search engine rather than clicking on that link.
Never give your information to an unsecured website.
If the URL of the website doesn't start with "https," or you cannot see a closed padlock icon next to the URL, do not enter any sensitive information or download files from that site. It's not a foolproof tell, but it's better to be safe than sorry.
Lastly, know what a phishing scam looks like.
New phishing attack methods are evolving all the time, but they share similarities that can be identified if you know what to look for. Many online sites are available to inform you of the latest phishing attacks and their key identifiers, such as www.consumer.ftc.gov. The earlier you learn about the latest attack methods and share them with your users through regular security awareness training, the more likely you are to avoid a potential attack.
Who is Greg Gammino?
Our resident security expert, Greg Gammino, is ELM's Director of Information Security & Data Protection Officer. Greg has more than 20 years of IT Engineering and Information Security experience. Prior to joining ELM, Greg led security operations across several industries, including Healthcare, Fulfillment and Logistics, IT Consulting, and Higher Education.