Your organization is only as strong as your weakest link. We hear and read stories far too often about employees being victims of social engineering and phishing schemes. Let’s take a look at social engineering versus phishing and how we can avoid getting hooked.
Social Engineering: The art of manipulating people so they give up confidential information.
Phishing: Typically executed through email, but it can also happen via telephone or other communications. The user is tricked into browsing to a malicious URL designed to appear like a site they trust, or is sent other fabricated content such as an attachment containing malware.
How can you avoid falling victim? Here are some red flags to look out for and some tips on how to improve your cyber hygiene.
- Sense of urgency – beware of any emails that come in saying that something needs to be done NOW.
- Poor grammar, misspelled words, or typos.
- Check the sender's email address for all emails you receive. Oftentimes the email domain will be missing a letter or have letters reversed, so you'll have to pay close attention. It is important to also be cognizant of the “to” and “cc” fields to ensure that there are no suspicious third parties.
- Is it personalized? If a secure organization is attempting to contact you, they should already have your name and information. Be wary of generic greetings.
- Links! Only click on those that you are expecting. Also, hover your mouse over the link before you proceed to make sure that it is taking you where it claims to.
- Also, be aware that landing on the wrong website can expose a firm to risks, so be on the lookout for these signs that could signal it is a malicious site:
  - Check the web address for misspellings, extra words, characters or numbers that seem off or suspicious.
  - Roll your mouse pointer over a link to reveal its true destination, displayed in the bottom left corner of your browser.
  - If there is NO padlock in the browser window or ‘https://’ at the beginning of the web address to signify that it is using a secure link, do not enter personal information on the site. A padlock only shows that the connection is encrypted; it does not by itself prove the site is legitimate.
  - Be wary of websites that request lots of personal information.
  - Avoid ‘pharming’ by checking the address in your browser's address bar after you arrive at a website to make sure it matches the address you typed.
  - Be wary of websites that are advertised in unsolicited emails from strangers.
Improve your Cyber Hygiene
- Install security measures on mobile devices and work devices
- Make sure patches are being deployed
- Be cautious about which websites you browse
- Only download software from reputable, legitimate sources
- Be careful when using public wireless networks
- Use strong and different passwords for each platform – you don’t want to use the same password for your online banking that you use for social media
- Clean up your old data that you may have forgotten about – no “dirty data”
- And as always, watch out for phishing emails
It's not “if” an attack will happen, it’s “when”. As stated before, your company is only as strong as your weakest link. Get started today on actively testing your employees by phishing them and educating them on the risks of phishing attacks.
With Apexa iQ, you are able to see your entire IT environment and know which of your devices, hardware, or software is not receiving the correct patch management, is at or nearing end of life, or is a security and compliance risk. Hackers will go after those devices that are vulnerable, so be cyber-aware and avoid falling victim to these hackers.
Interested in seeing how Apexa iQ can help your company steer clear of phishing attempts? Schedule a demo today!