Here’s a fun thought experiment; can your team identify phishing scams and respond to them appropriately? It’s a skill that must be learned if you want your organization to be successful and safe. Today, we’re taking a look at the three big signs you’re looking at a phishing scam (and what to do about it).
An unknown sender isn’t necessarily a giveaway sign of a phishing attack, but you need to consider more than just the sender.
You run a business, and that business is often solicited to buy products or services. These folks are not who we’re talking about here; we’re talking about the most random of people on the Internet who are urging your business to do something. They might have an email that doesn’t make sense, like a random string of characters and numbers with a Gmail domain. It’s safe to say that no one your business will work with should have an email address like this.
Do a little digging and see if you know who the sender is before you assume it’s safe. Check their email address according to your records, as whaling schemes are also quite popular, and it’s easier to impersonate or spoof someone’s email address than you think.
The big thing about phishing messages is that they want you to act now without thinking things through.
You’ll often see urgent language in messaging, whether it’s to claim a prize, pay an invoice, fill out a form, or even verify your identity with personal information. Scammers will even try to bully you if you push back, sometimes under the guise of law enforcement. It’s safe to say that law enforcement will not email you or blackmail you; rather, you can expect to receive official notices in mail or in person.
All in all, make sure you’re not capitulating to their requests without giving them a good thought first. Verify the identity of the sender if possible, and ask yourself, “Does this even make sense?”
This goes double for any message that appears to have links or attachments—especially if you don’t know the sender or you don’t remember placing an order.
Definitely don’t click on links or download attachments all willy-nilly. People love to just impulsively click on things, even if we know we’re not supposed to. If you’re unsure whether a link is legit or not, hover your mouse cursor over the link and check its destination. Attachments can also be scanned by your IT department, assuming you have a reliable IT professional you can talk to about these types of issues.
If you don’t, we’d be happy to fill that gap in your business’ operations. First Column IT has staff that are security professionals that specialize in small businesses like yours. We’ll take care to ensure your staff are well-trained on how to act in the event of a phishing scam, and we’ll implement security solutions that minimize their occurrence and effectiveness. Learn more today by calling us at (571) 470-5594.
