Phishing scams are the most common cyber attack you're likely to experience. We've all seen one: a scam promising us a million dollars if we act now, or a fake email from Amazon wanting to provide an update for "your upcoming order." Last week, I even received one that appeared to be from the CEO of Blue Ridge Risk Partners.
Phishing emails are very profitable for cybercriminals. In fact, 22% of data breaches involve phishing. Thousands of people fall victim to them each year. Phishing scams are avoidable if you know how to correctly identify and prevent them.
What is Phishing?
According to Merriam-Webster, phishing is the practice of tricking Internet users (as through the use of deceptive email messages or websites) into revealing personal or confidential information which can then be used illicitly.
Phishing is a type of cybercrime where cybercriminals use email, mobile, or social channels to pose as someone they are not. They try to get personal information: bank details, credit card information, etc. This information can then be used for anything from identity theft to crippling company computer systems.
How to prevent a phishing attack
- Know what a scam looks like. Stay up-to-date on the latest phishing attack methods and share them with your company's users. An easy way to identify a phishing email is to look at the email address. Is this an email that came from Netflix? If the email address is something like @inetflix.com or @netflx.com, this is probably phishing. Typos would not exist in an email address coming from Netflix.
- Use security software. Set your software to update automatically so it can deal with any new security threats that come your way. Don't forget about your mobile devices! Set those software updates to automatic, too.
- Rotate passwords regularly. I recently saw a meme that said, "I have no more passwords in me." I feel that; however, keeping your passwords updated regularly can really help. And for goodness' sake, don't use something like "password123" for a password.
- Don't give your information to an unsecured site. Don't know how to check if a site is secure or not? Just take a look at the website URL. If it starts with only "http://" rather than "https://", it's not a secure site.
- Don't click! If you receive something that seems even slightly suspicious, DO NOT CLICK. Instead, hover over the link to see whether it leads where it says it does. Some phishing programs will still create carbon copies of the URL, so it is best not to click.
- Don't give out important information. Do not give out important information unless it's an absolute must and it's coming from a trusted and secure site.
- Install an Anti-Phishing toolbar. Toolbars can be added to your internet browser. These toolbars run quick checks on sites that you are visiting and compare them to phishing sites. If you come across a malicious site the toolbar will tell you about it.
What to do if you are a victim of phishing
If you responded to a phishing email and gave out your personal information, reach out to IdentityTheft.gov. Provide the information required. Change all of your passwords immediately.
If you know the company that was spoofed, reach out to them.
All it takes is one employee to take the phishing bait in your company. While having spam filtering and outbound filtering in place can help, it's still not foolproof.
So preventing phishing 100% is difficult, but what you can focus on is how to limit the damage caused. Staying on top of updated passwords and including two-factor authentication can help.
When all else fails, having a cyber insurance program in place can help. Reach out to us today to learn more.