Phishing has become one of the great problems for technology users in the 21st century. The ironic part of the whole thing is that it has taken a good old-fashioned social engineering scam to make today’s robust information systems less secure. Phishing is the predominant way that hackers and scammers gain access to the systems they target. Today, we’re going to spell out what to train your employees on to help them identify phishing attacks.
Before we get into what your staff needs to look for to avoid being scammed by phishing messages, we need to stress the fact that, these days, every organization is targeted. From the largest enterprises to the smallest mom and pop shops, if your organization saves data of any value, people will try to take it.
What’s worse is that there are scammer-driven attacks, like ransomware, that can make things extraordinarily difficult for your organization to manage. These are almost universally deployed through the use of phishing attacks. Think about it: if people who are actively looking to steal your stuff and do your business harm are accessing your network with legitimate credentials, what’s left to stop them? That’s why it’s essential that you have a proactive mindset when training your staff for phishing.
You can get scammed over the phone as often as you can through email or via text message, so it’s important to recognize the traits these scams have in common. By our measure, there are four key signs that you are dealing with a phishing message, and they can show up in any communication medium.
Let’s go through all four:
A lot of the messages we get are authoritative in nature, but phishing messages typically don’t come from anyone who would actually need your attention. Basically, phishing messages usually read like someone urging you to take action. That action is typically providing credentials, clicking on the in-text links, or opening an attachment; all of which are complete no-no’s unless you are dead certain that the person on the other end is trustworthy.
Many phishing messages try to give the sense that you are being directed to do something by someone in authority. In many cases, if the sender were legitimate, they would not only provide specific instructions that could be verified, they also wouldn’t have the grammatical, spelling, or punctuation problems that many phishing attacks have. This is because oftentimes, the language that the scammers use in phishing attacks is not their first language. However, many phishing attacks are more sophisticated nowadays, so don’t assume that a well-written message is safe.
If you were, for example, to get a message from your bank directing you to take immediate action, you most likely wouldn’t get it through email. Furthermore, the address a phishing email comes from won’t match the legitimate address that type of correspondence would come from. For example, if you got a genuine email from State Farm insurance telling you that you need to act immediately, it would come from an address ending in @statefarm.com. If it doesn’t look right, verify the legitimacy of the message by reaching out to the would-be sender. You may find that it is a complete scam.
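The sender-address check described above can be automated for mail your team reports as suspicious. This Python sketch is an added example, not part of the original article; the `KNOWN_SENDERS` map, the function names, and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a defender-maintained map of brand names to the domain that
# brand really mails from. "statefarm.com" is the article's example.
KNOWN_SENDERS = {"state farm": "statefarm.com"}


def from_parts(raw_message):
    """Return (display name, domain) from the From header, lowercased."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].rstrip(".") if "@" in address else ""
    return display.lower(), domain.lower()


def is_expected(domain, expected):
    """True for the expected domain itself or a genuine subdomain of it."""
    return domain == expected or domain.endswith("." + expected)


def check_sender(raw_message):
    """Return the reasons the sender address looks wrong (empty list if none)."""
    display, domain = from_parts(raw_message)
    if not domain:
        return ["no usable address in the From header"]
    reasons = []
    for brand, expected in KNOWN_SENDERS.items():
        if is_expected(domain, expected):
            continue
        token = expected.split(".")[0]  # e.g. "statefarm"
        # The name shown to the reader claims the brand, the address does not.
        if brand in display or token in display.replace(" ", ""):
            reasons.append(f"display name claims {brand!r} but address is @{domain}")
        # The brand is embedded in a domain registered to someone else.
        if token in domain:
            reasons.append(f"{token!r} appears in @{domain}, which is not {expected}")
    return reasons


# Constructed sample messages (not real mail); .example is a reserved TLD.
LEGIT = "From: State Farm <notices@statefarm.com>\nSubject: Your policy\n\nHello"
DISPLAY_SPOOF = "From: State Farm Claims <alerts@mail-notify.example>\nSubject: Act now\n\nHi"
LOOKALIKE = "From: Support <help@statefarm.com.account-verify.example>\nSubject: Urgent\n\nHi"

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("spoof", DISPLAY_SPOOF), ("lookalike", LOOKALIKE)]:
        print(name, "->", check_sender(raw) or "no mismatch found")
```

A matching From domain does not prove a message is genuine, since that header can be forged; the check only flags mismatches, and reaching out to the would-be sender remains the way to confirm.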
When the message you receive is suspicious, it’s likely to seem so immediately. Whether it is from a seemingly legitimate source and is written in a way that doesn’t seem right, or it’s an instant message that shows up on your favorite IM platform with a sentence and a hyperlink, it’s not hard to determine whether or not something is a scam. You just have to be patient. Phishing attempts are successful because of human impulse, no other reason. Take your time with your messages and you will stay secure and not fall for these social engineering scams.
With phishing being a big issue for every person that uses the Internet, you need to make sure to keep your head about you. If your organization needs help putting together a sustainable training strategy to ensure that your employees know what to look for, give us a call today at 301-571-5040.
About the author
Washington Works has been serving the Bethesda area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.