Security, Training

It's Phishing Season

May 29

Phishing: Don’t Take the Bait 

 

Phishing emails are fake messages designed to lure people into clicking on dangerous links, sending sensitive information, or transferring money. Clicking on infected links can result in ransomware, data loss, unauthorized access to sensitive or protected data, or financial theft.

‘Phishing’ refers to messages broadcast to a wide audience, such as emails stating that your bank credentials need to be updated, you have underpaid your taxes, or your credit cards are blocked. ‘Spear-phishing’ messages are personalized messages targeted at individuals, like HR and finance department managers and staff, and often appear to come from ‘the CEO’ or someone else in authority. These messages ask for sensitive information, such as payroll records, to be sent, or for money to be transferred. Spear-phishing hackers often use information about the sender that they find on a corporate website or in social media to gain the recipient’s trust.

Electronic tools should be implemented to identify and block phishing emails. However, because hackers are getting more sophisticated and using tools to defeat blocking technologies, the last line of defense is a workforce trained and tested in avoiding phishing scams.

CHECKLIST 

  1. TRAIN your workforce to recognize, avoid, and report phishing emails. 
  2. Implement a PHISHING CAMPAIGN to further educate and test your workforce. 
  3. Post REMINDERS to keep your workforce alert. 
  4. Save reports as evidence if needed for an audit or investigation. 
  5. Repeat at least twice per year.
  6. Install email software to filter out potential scammers.
  7. Create a company culture where it is “okay to ask”. If you have doubts about the legitimacy of an email, ensure your staff and fellow employees know it is okay to double check. 

To Learn More, Watch the Video Below

Episode two of Technology Simplified – Tech Talk Everyone Can Understand. In this episode Will Slappey & Jake Demille discussed phishing campaigns: how bad actors convince people to “take the bait”, ways to recognize phishing emails & steps to prevent them ever hitting your inbox.  

 

Be careful which emails you trust! If a suspicious email comes from outside your organization, and sometimes even from inside, take care to review the information and motives of the sender before clicking on any links.

 
