We’re all adjusting to the new normal while working at home during COVID-19 and keeping your computer safe from cyber-attacks and hackers has become more imperative than ever. Thousands of people all over the world are spending more time online due to the pandemic and despite even the most advanced technological security features, companies are still vulnerable to attacks. As hackers scope for organizational vulnerabilities employees can often be the target of cyber-attacks through phishing.
What Is Phishing?
Phishing occurs when hackers pose as a trusted figure who uses carefully crafted emails to trick you into visiting a malicious website, downloading a corrupt file, or handing over your password before using that information to gain access to a business network or your personal information.
One of the most common ways phishing occurs is by using the art of storytelling to entice users to interact with a link or attachment. These could include tactics such as:
- Including a fake invoice
- Asking you to confirm personal information
- Claiming there’s a problem with your account or payment information
- Notifying you of a suspicious activity or log-in attempts
- Asking you to click a link to submit a payment
How To Spot An Attack
The best way to avoid a phishing scam is to learn the different types of phishing attacks a user can experience. Hackers often have more success phishing employees because they spend the majority of their day clicking on links and downloading files for work. Here are a few examples of misleading information scammers use to entice users to interact with their emails:
- Fake shipping or delivery notifications
- Fake purchase confirmations & invoices
- Requests for personal information
- Promises of attractive rewards
- Charity or gift card scams
- Use of urgent or threatening language
- Unexpected emails
These are just a few ways that a scammer will try to trick you into clicking a link or opening a dangerous attachment. You always want to pay attention to a few key details when trying to determine if an email is safe or not. Look at factors like:
- Who is sending the email- If you don’t immediately recognize the sender, you’ll want to see if the person or business name is spelled correctly. Another way to identify a suspicious sender is looking to see there are a bunch of random characters instead of a clear email address.
- Who is the intended recipient?- Hackers can target recipients within your organization who could have access to private company details. If you are a person who manages confidential information like finances, customer data, or intellectual property, please be aware that you are a prime target for hackers.
- Subject Line- Always examine the subject line of an email before opening or responding to it. Seeing grammar or misspellings from an accredited business or institution is often a clear indicator of a suspicious email.
- Any suspicious links or attachments- Phishing emails often include outbound links that will redirect you to a page that is broken or not a true URL. Hover over any links in the email and see if they look legitimate, if you don’t recognize the link, don’t click it.
- The type of content in the email – Examine the overall tone of the email. You should always read the content for clarity and grammar before responding or engaging with an email.
Don’t forget that as we all continue to work from home it’s extremely important for the safety of you and your company’s information that you don’t open any suspicious or unwanted emails.
How To Protect Yourself From Phishing Attacks
While we would love to think that our email provider is perfect and will automatically filter out any suspicious or wanted emails, that’s not always the case. Scammers have gotten better at outsmarting the spam filters which makes it easier for them to make their way to your inbox. It’s always a good idea to have a few extra layers of protection to prevent phishing attacks.
- Think before you click on any links!
- Make sure your computer’s security software is up-to-date.
- Do not share personal or financial information via links found in emails.
- Protect your accounts by using multi-factor authentication.
- Be cautious and avoid clicking on pop-up dialog boxes.
Your company can provide all the warning and corporate training possible, but if you don’t take the steps to identify and recognize phishing as it happens, you could jeopardize the safety of your private information.
What To Do If You Suspect A Phishing Attack
If you suspect that you have been the victim of a phishing attack, especially if you have been using a work computer or email address, notify your IT department immediately. If you suspect a spammer has any of your personal information or details like a Social Security Number or your banking information, contact Identitytheft.gov. Remember that your first priority when you are working online is to always keep your information safe and secure from scammers.