Teaching your employees to recognize these and other phishing methods is an important component of your information security strategy. But no matter how well educated your workforce, eventually, you’ll experience a breach from phishing — the human need for relationships and to trust others is that strong.
Would your employees know how to spot a phishing email and what to do (or not do) when they get one? You can find out with no charge and no obligation. Contact us today!
1. Phishing. Basic phishing sends messages that appear to come from a trustworthy source. Typically these emails will request information such as login credentials or credit card information. To prevent employees from falling for these requests, teach users to call the company to confirm the legitimacy of the request. No legitimate business ever asks for personally identifying information via email.
2. Spear phishing. Spear phishing messages aren’t random; they target specific employees with a message that includes specific information about that person. Usually, it’s public information that’s easily found on the internet. The messages may include requests for money or passwords and seem to come from a friend or business associate. The best way to avoid falling for this is to call the apparent sender directly and confirm they sent the message.
3. CEO fraud. Receiving an email from the CEO gets most employees’ attention, which is why messages that pretend to be from the CEO are so effective. These messages typically ask employees to transfer a large sum of money to a specified account. Instruct your employees to check directly with the boss to confirm whether or not they should respond.
4. Clone phishing. Clone phishing copies a legitimate message that contained an attachment and replaces that attachment with one carrying malware. Because these messages may appear to come from a sender the victim knows, the usual advice to not click on attachments from unknown senders isn’t effective. Instead, use technological defenses to block attachments from downloading unless they’ve been scanned with up-to-date antivirus software.
5. Cloud phishing. Many companies now have their data stored in the cloud, and cyber criminals send emails inviting users to upload files to cloud providers like Dropbox or Google Docs. Once they accept the invitation, malicious software is downloaded. Companies can reduce this risk by reminding employees of corporate policies around cloud computing. Only officially approved cloud storage systems should be used.
6. Government phishing. Like messages from the boss, messages from the IRS or law enforcement are likely to get employees to jump. Remind employees that these agencies do not use email to initiate interactions, and they don’t request personal information through email.