How can I protect my employees from phishing?

People getting scammed is nothing new. In fact, phishing is still the common most type of cyber-attack. Most people have heard of the Nigerian Prince scam. However, with advances in technology, there have been advances in scammer’s technology and tactics as well. Many have taken a liking to the form of scams called phishing attacks.

What is Phishing?

Phishing attacks are fraudulent attempts to obtain personal information, such as passwords and credit card numbers. They may also attempt to scam the users into providing the scammer with funds to an off-shore account or something similar. Common methods of this occur when the scammer sends out an email stating that they are someone that is higher up in the company, or some distant relative, needing some assistance with an important task.

Prevention

Given that these attacks have become very common practices by scammers, it is becoming more and more essential to prevent getting attacked by the scammers. There are two primary means of doing so; Software, and End User Training.

A lot of people will run an Anti-Virus on their computer and assume that they’re fully protected from outside threats. However, what a lot of people don’t see are the blind spots that they’re leaving open from protection. For an Anti-Virus to be effective against something like malicious emails, you would need to verify that it’s running real-time protection, as well as being able to access your email while you do. Such examples would be premium Anti-Virus/Anti-Malware programs or SandStorm’s very own Managed Anti-Virus.

The weakest link, however, comes to the end-user. If a scammer sends in an email with no attachments, it will commonly bypass software filters and face the user directly. It’s then up to the user to stay vigilant and recognize errors in the email to let you know that there is a scammer behind the other end of the screen. Common mistakes you may see are capitalization in letters that look similar and using different symbols or letters to disguise them as another. Such examples are replacing a lower-case “L” with a capital “I”, or a lowercase “m” with “rn”. For the end user, the best method to prevent attacks is to regularly train for noticing phishing attempts. It’s best to provide phishing training at least once a year, but for larger companies, it’s probably best to increase this number to twice a year or even running a training session quarterly. For other articles on how to avoid phishing scams and other social engineering, check out “Phishing: How to Avoid Phishing Scams” and “Don’t Get Phished”.

If you ever think that you or someone is your organization is getting phished, or have any IT security-related questions, feel free to call the experts at SandStorm IT at 901-475-0275.