In the security world, it seems like every day brings another story of customer data being compromised. One of the latest examples comes from Children’s Mercy Hospital, where patients are still finding their data endangered after an email phishing scam hit more than 60,000 individuals back in January.
Despite mass awareness of these potential threats, email phishing attacks continue to successfully steal personal data from vulnerable companies. For those committing the attacks, it’s clearly an effective and fairly simple way to extort money and disrupt the status quo.
And the approaches are only becoming more creative and refined. Phishing emails look innocuous, but they’re dangerous and pervasive. It’s time you learned—once and for all—how to identify phishing attempts when they occur and keep your data safe from prying eyes.
Phishing’s popularity is simple to explain: There’s no barrier to entry, no major investment and little needed beyond an internet connection, a computer and malicious intent.
One of our customers once informed me of a sophisticated attack they endured. In this case, the attacker utilized publicly accessible information from Facebook and LinkedIn accounts. The attacker was able to learn that wire transfers were a frequent part of the customer’s business dealings, who often made these requests and who fulfilled them. Then, all it took was a false email that appeared to come from the CFO to the accounts payable employee requesting a wire transfer, and the attacker was able to falsely solicit free money from the company.
Exploiting publicly accessible information is an increasingly used tactic, as many of us utilize social networking sites to make connections both within and outside our business relationships. These sites are phenomenal research tools for making business contacts but also for bad guys to get everything they need to commit fraud.
Protect Yourself and Your Company From Phishing
With phishing so easy for attackers to attempt, how can businesses protect themselves from this vulnerability? Follow these three steps for optimized security against phishing scams.
- Update your security software. // Countless anti-spam filters and anti-virus programs exist to help screen for fraudulent emails. Although no system is foolproof, and none can successfully screen 100 percent of phishing attempts, a robust security system can certainly help catch a good number of attackers before they can strike.
- Create password protocols. // Basic security measures, from utilizing different passwords on different accounts to regularly changing passwords on a two- to three-month basis, can go a long way toward keeping email accounts safe. Consider investing in a password storage tool to make it easier for users to follow the password policy.
- Keep an eye out for warning signs. // No password protocol will be sufficient if your employees can’t spot a phishing attempt when it arrives. Teach users to look for unfamiliar formatting, unusual requests or misspelled URLs and email addresses before clicking on any link or submitting sensitive information.
As I stated earlier, no system is infallible, and phishing attempts can and will get through. But by preparing both your software and your employees to watch for attacks, you’ll give yourself the best chance to keep your data safe.