We regularly see cases of successful phishing attacks. Most of them involve people being conned into sharing valuable personal information with unauthorized parties. This is usually done over email but sometimes involves a phone call.
A frequent scam goes like this. You receive an email from someone claiming to work at an organization you trust or regularly interact with such as your bank or a retailer you often shop with. They seem legitimate because they have likely gathered some accurate information about you from social media, your company website, press releases, or other public means. Since they get a few details right, you may be inclined to believe them. But you must dig deeper to determine if the request is legitimate.
You may be asked for personal information that could be used to access funds — credit card numbers, bank account information, passwords, etc. — or even asked to wire money. All this is done, of course, under false pretenses. And it could cost your business a heap of money and hassle.
What to Do if You Suspect Phishing
If you are contacted via phone or email and asked to send valuable information or resources, first take every step possible to verify the identity of the requesting party. This includes speaking to them on the phone. Or share the request with another leader in your firm to get their take on the situation. These extra steps could be enough to prevent loss.
Multiple layers of technological protection can help guard against the many online threats out there. But there is no replacement for education and preparation. Regularly remind your team members to remain vigilant and alert to abnormal requests that come through electronic channels. Also, be sure to empower team members to second guess anything they find suspicious. They should be encouraged to be skeptical about information requests. Their instincts could prevent significant loss to your company. So make certain you speak with your team members about their roles in spotting and preventing online threats.
Staff education should also be partnered with good anti-virus and anti-malware software and threat filtering at the gateway. Other tools such as software restriction policies, password complexity policies, and Data Loss Prevention tools are key to mitigating the risks present in the modern business computing world.
Stay well and vigilant in this challenging time! Please get in touch to talk about how EXP can help you improve your security safety net.