Phishing Scams and Your Business
What is a Phishing Scam?
Some of the most dangerous and damaging attacks on your business can come from phishing scams. These are basically different ways of tricking you or your employees into giving a bad guy access to your network or computer.
How Phishing Scams Work
The key to these scams is to (1) look like a trusted source and (2) get you either to reveal private login information or to click on an attachment or website carrying Trojan malware that can infiltrate your computer. These messages most often arrive by email, but they can also be delivered by phone, text, or social media.
Looking like a trusted source can include making a fake website that looks like that of a major bank or vendor. It can even be as simple as putting the trusted source's logo and formatting into an email so that it looks like the actual emails you get from them. A more sophisticated way to look like a trusted source is for scammers to hack your email or social media accounts, or those of your associates, and then send you messages that actually come from those accounts.
Often you can tell when things aren't right by hovering over (without clicking!) a web or email link: the link text looks like one address, but the popup window shows that it goes somewhere else. Higher-level disguises cannot be distinguished so easily. When it comes to fake messages sent from the actual account of a hacked associate, the only way to tell might be that they use phrasing or language that is unusual for that person, or that they send unexpected things without notice. But this is a very risky and subjective way to guess.
How to Prevent Phishing Scams
Fortunately, the ways of avoiding phishing scams are pretty straightforward. They begin with good habits. First and foremost, make it a personal and business policy NEVER to click links to websites from inside an email - even, and especially, to those you are familiar with.
For example, an email that appears to come from your bank asks you for something. It has a link to their website. When you click it, you are taken to (what looks like) the bank website. When you log in, you are actually giving your bank login information to the scammer, because both the bank website and the email were designed to look like the real ones.
What you should have done, if you think you need to follow up on the bank website, is back out of your email completely, then go to your bank using your regular bookmark or another means of getting to it that has no connection to that email.
This is the policy you should always follow for all links within emails.
The second aspect of these emails is attachments. The solution here is to open only email attachments that both come from a known source and were expected by you from a prior off-line communication. Even if the source is a known associate, if the attachment wasn't expected, contact them by an independent means (phone call, etc.) to confirm they sent it to you before opening it.
This is just one example of the kind of training DSTech Solutions offers to your senior staff and employees. No matter how good your security software is, the number one vulnerability is human error. If you are interested in consultation or arranging for such training, please contact us.