Phishing is an attempt by cybercriminals to obtain sensitive information by tricking you into clicking on a malicious link or logging into a fake website. While we all like a fun practical joke on April Fools’ Day, don’t be tricked by a social engineer into giving away your financial data or password!
Be a Savvy “Phish’erman”: How to Spot and Avoid a Phishing Scam
- Watch for overly generic content and greetings
- Watch for misspelled words or poor grammar.
- Carefully check all links. Mouse over the link to see the destination. Type the address in a fresh browser instead of clicking on the link in the email to avoid copycat sites.
- Watch for urgency or threatening language.
- Do not provide personal information by responding to an email or filling in a form from a link in an email.
- Carefully review the sender's full email address. The first part may look legitimate, but the domain might be wrong or there may be an extra or missing letter.
- Check for secure websites. Any website where you enter data should start with https://. The “s” stands for secure. It means the connection is encrypted, not that the site itself is genuine, so still check the domain.
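The link, sender-domain and https:// checks from the list above can also be automated. The following is an added example, not part of the original article: it flags a sender domain that is one character off a trusted one, link text that shows a different site than the real destination, and links that do not use https://. The allow-list, the `bank.example` domains, the sample message and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from os.path import commonprefix
from urllib.parse import urlparse

TRUSTED = {"bank.example"}  # assumed allow-list; constructed placeholder domain
SENDER = "alerts@bannk.example"  # constructed sample, not from a real email
HTML = '<p>Verify now: <a href="http://login.example.net/verify">www.bank.example</a></p>'

def host(value):  # hostname of a URL or bare domain, lower-cased, without 'www.'
    parsed = urlparse(value if "//" in value else "//" + value)
    return (parsed.hostname or "").removeprefix("www.")

def one_edit_apart(a, b):
    """True when a and b differ by one extra, missing or changed character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    a, b = sorted((a, b), key=len)  # a is now the shorter (or equal-length) string
    i = len(commonprefix([a, b]))   # index of the first differing character
    return a[i + (len(a) == len(b)):] == b[i + 1:]  # the rest must match exactly

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(sender, html_body):
    """Return warnings for a look-alike sender domain and suspicious links."""
    domain = sender.rsplit("@", 1)[-1].lower()
    warnings = [f"sender domain {domain} is one character off {t}"
                for t in sorted(TRUSTED) if one_edit_apart(domain, t)]
    collector = LinkCollector()
    collector.feed(html_body)
    for text, href in collector.links:
        shown, real = host(text), host(href)
        if "." in shown and " " not in shown and shown != real:
            warnings.append(f"link text shows {shown} but goes to {real}")
        if not href.lower().startswith("https://"):
            warnings.append(f"link to {real} does not use https://")
    return warnings
```

Calling `audit(SENDER, HTML)` on the constructed message returns three warnings, one for each check; a message from the trusted domain with a matching https:// link returns an empty list.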
Here is a graphic showing some examples to look for:
Keep Your Fins Up: How to Protect Yourself from Phishing Scams
Here are some suggested ways to catch the phishers:
- Provide regular security awareness training for your employees. Send simulated phishing emails to staff, and if they accidentally submit data, present them with additional training so they do better the next time.
- Make sure your software is patched and up to date.
- Ensure your IT infrastructure is current so that hackers cannot exploit known vulnerabilities.
- Enable 2-factor authentication whenever you can.
- Use a password manager.
Phishing is No Laughing Matter
Bear in mind that cybercriminals are constantly evolving, so we are defending against a moving target. If you think you’ve fallen victim to a phishing scam, report it to your IT department and change your passwords immediately.