- Phishing is the act of sending out malicious emails and has caused over $1.2 billion in loss.
- These malicious emails can be highly targeted and involve an extensive amount of planning.
- A successful phishing campaign can create a depressing ripple effect.
- Phishing often targets small professional firms relying on susceptible staff .
- Suspicion is your greatest ally when it comes to online email scams.
Due to its simplicity and high rates of success, phishing attempts have become pervasive amongst low-level criminals and high-tech hackers alike. Overall, experts estimate that phishing and ransomware attacks generate over $1 billion annually from direct ransom payments and corporate loss.
In fact, Facebook and Google were recently the victims of a phishing scam resulting in significant losses. Staff members at both companies were tricked into sending money to a hacker impersonating an electronics company. The attack lasted over a span of two years before he was caught.
If tech savvy people, like those at Facebook and Google can become victims of phishing, what do you think are the odds of your staff falling victim?
Education is the first step.
Is it urgent?
- Phishing emails are typically urgent
- Do this immediately, respond within the next few hours, don’t wait any longer
- This type of language should be a red flag
Is it grammatically correct?
- Phishing attacks may come from another country
- If this is the case, the phrases may look weird and the grammar might not be 100% correct.
Is the sender’s email address correct?
- If it’s a spear phishing attack – which is more targeted – the email might come from a source you know. Or it could come from a company you do business with.
- Because of this, it’s important to pay attention to the email address – to review it carefully and ensure its accuracy.
- Is the name spelled wrong?
- Does it come from a weird domain?
- Are there numbers that aren’t normally there?
Is the call to action normal?
- Most phishing emails will ask you to do something – download an attachment, give up login information, provide personal or financial information
- If this is the case, ask yourself if it’s normal. Is it traditionally the way this type of thing is handled?
- If not, you should think twice about carrying out any call to action.
How do you protect yourself from Phishing?
Your greatest defense against phishing emails and social engineering, in general, is your suspicion. You should always remain 100% suspicious of every request for information, money, and data that you receive – even if it comes from your CEO. Here are a few tips to help you and your fellow team members protect your business and yourselves from everyday phishing scams:
- Create strong internal processes that encourage requests to be double-checked and sometimes triple-checked.
- Review all contents of the email to ensure that the proper grammar, contact information, and email address is used.
- Consider the request carefully, and don’t always respond immediately. Ask yourself why someone would need this information, if this is typically how things are handled, and if this is coming from and going to the appropriate source.
- Use strong anti-phishing software that protects your inbox and your internet browsing.
- Regularly train and educate your staff members on how to effectively detect and avoid phishing emails.
A few key rules and strategies can protect your data, identity, and assets.
As always, we are here to get you on the right path!
BYOD (Bring Your Own Device) Lunch & Learn – Co-Sponsored by the Washoe County Bar Association
Friday, May 4, 2018
11:00 a.m. to 1:00 pm (Q & A 1:00 to 2:00 pm)
2 Hours CLE Ethics Credit
Bruce Thompson Federal Courthouse