What you need to know about Phishing Scams
Do Not Take the Bait

Phishing attacks—fake emails that ask for money or credentials, or carry malware—have been around for decades, and they continue to evolve. Over the past three months, phishing attacks have exponentially increased, rising alongside the confusion that comes with new working and living conditions for many people around the globe.

Many recent phishing attacks have come in the form of emails claiming to provide    information regarding CDC guidelines, recent local COVID-19 cases, stimulus checks, and unemployment benefits. Even someone who is typically vigilant with their incoming mail could easily ’take the bait’ on topics like these, for which everyone has been desperate for more information.

Add to this the unfamiliarity many employees faced while working from home recently; for most, this was a new experience, and the additional security measures and habits necessary to safely work remotely would not have come naturally to everyone. Many were tempted to skip multi-factor authentication for convenience, or had to use home networks less secure than a professional network would be.

Of course, there is a surefire way to prevent a phishing attack from succeeding: don’t click what they want you to click.

This may seem easy enough, but modern phishing attacks are much more convincing than the ‘Nigerian prince’ cons we used to laugh about. Not only are generic emails that appear to come from Amazon, the CDC, or major banks relatively easy to forge, but attackers can even go one step further, with spear phishing. Spear phishing requires some more work, involving some research on a target, but the result is a more fine-tuned email tailored to match the target’s own location, interests, or even their recent online activity.

So, to protect yourself from giving away your credentials, an important first rule to follow is to simply never send credentials over email. Even in legitimate emails, no system is completely immune to being breached. This advice goes not only for passwords, but for bank details, social security numbers, or other sensitive or identifying information.

Many phishing attempts will attempt to install malware, rather than ask for credentials directly. When opening any email, it is critical to double check who sent it, the exact nature of any attachments, and the true destination URL of any embedded links. Be sure to hover over any hyperlinks to examine where they will take you and watch out for an intentional typo in the URL. For example, an attacker could link you to “paypaI.com,” but upon hovering the link you would see it’s actually “paypai.com” thanks to the URL appearing in all lowercase in the bottom left of your window.

Much of this advice may seem like common knowledge to technology professionals, and to longtime business professionals in general.  However, as is the case with all cyber security, a company is only as strong as its weakest link. It is crucial that all employees are aware of the dangers of phishing, and that they take the necessary precautions to keep themselves safe.  As always, if you need assistance, we have got a dedicated team to help.