As cyberattacks become ever more prevalent and sophisticated, it’s important to remind your employees to practice good cyber hygiene to help protect your company and your intellectual property. One of the ways that bad actors infiltrate organizations is through a form of social engineering called phishing.
Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message. The senders of these messages pose as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Phishing avoidance tips: Don’t take the bait
- Always be suspicious of any message that requests you to click a link or open an attachment.
- Be cautious of any message communicating a sense of urgency or dire consequences should you fail to take immediate action.
- Notice an incorrect company name.
- Be on alert for emails with generic greetings such as ma’am, sir, or customer.
- Contact the person or organization using a different, validated method if you are concerned about a message. This could be dialing a phone number you already have or checking the organization’s contact information on their website. Never use the links or contact information in the message that is raising red flags for you.
- Note if the email is oddly structured or formatted.
- Be careful not to provide personal or sensitive information in response to a message.
Always report phishing
Be sure employees know how to act if they receive a phishing message. If you are using Microsoft Office Outlook as your email client, here are the steps to take.
- Select the suspicious message.
- Choose ‘report message’ from the ribbon.
- Select ‘phishing’.
This is the fastest way to report a phishing attempt and remove the message from an inbox.
What to do if you or an employee has been phished
If you or a team member suspects that a phishing attempt has been inadvertently successful, there are things you can do to mitigate the damage.
- If you are already a CyberSheath client, contact us immediately and report it.
- While it’s fresh in your mind, write down as many details of the attack as you can recall. Note any information such as usernames, account numbers, or passwords you may have shared.
- Immediately change the passwords on those affected accounts, and anywhere else that might have the same password. While changing passwords take care to create unique passwords for each account.
- Confirm that you have multi-factor authentication, also known as two-step verification, turned on for every account possible.
- If this attack affects your work or school accounts, notify the IT support folks at those entities of the possible attack. If you shared information about your credit cards or bank accounts, contact those companies to alert them to possible fraud.
Get in touch with the experts at CyberSheath to see how we can work with you to guard against phishing and other methods employed by cybercriminals. We are here to help your company implement cybersecurity controls that protect your data and your organization.