What Is Phishing and How Can You Spot it?

This entry was posted in Security on by .

90% of data breaches that occur are the result of someone clicking on a link within a phishing file. While this might not seem like a big deal at the time, once the link is clicked, the hacker now has access to thousands and thousands of pieces of data, including client information, account information, and more.

Phishing attacks are getting more sophisticated as time goes on. It is crucial that you and those who work for your company understand what a phishing attack is and how to spot one.

Once you know how to spot one, you can move forward with training your staff on what to do when they find one nestled innocently in their inboxes waiting to strike. By the end of this post, you’ll have everything you need to know to ensure that your company doesn’t fall victim to phishing scams.

What Is Phishing?

When you hear the word phishing, think of it as a hacker’s favorite pastime. They cast the line waiting for one fish to bite, and once they feel the fish tug the line, they rip them from the water.

Or in the case of online hackers, they steal all the information they possibly can before the company figures out what’s happening and reinforces the firewalls that will stop them from stealing more data. By the time this happens, they’ve stolen thousands of files with sensitive information.

These phishing scams can come in multiple forms, including text messages, phone calls, or emails. It’s up to you and those you work with to always be on the lookout and not blindly click on links because it ‘appears’ to come from a trustworthy source.

As companies become smarter when it comes to spotting these scams, so are hackers, and below you’re going to find everything you need to stay multiple steps ahead of them before they’ve typed in the email address.

Types of Scams

There isn’t one specific scam that a hacker might use to obtain company information. There are several types of phishing scams that a hacker might use interchangeably until they find one that works for them regularly.

To better understand how to put an end to data breaches caused by phishing scams, you’ve got to know the types that they come in. Remember hackers hit when you least expect it, and if they’ve hit once, they will likely try it again.

Act Quickly

None of us like receiving an email or text message that reminds us that we forgot to do something or pay a bill. The first type of scam that you need to be on the lookout for is the one that requires you to act with urgency.

These types of scams might come with some time limit, such as,” if you don’t act now, your prize will be forfeited.” It makes the person reading it think that if they don’t click the link and enter the requested information, they will lose out on something big.

This leads to them clicking the link and entering personal information such as their card number, bank account, cell phone, home address, and more. The thing is, once you’ve provided this type of information, a hacker can move forward with doing things like account takeovers.

An account takeover is when they access your bank account and the funds in it. Once they’ve got the access they need, they will change passwords so that you’re no longer able to access it and lock them out.

After gaining access, they can then use the funds as they please.

Changing the Link

Have you heard of what happened to Shark Tank judge Barbara Corcoran? She lost $400,000 because someone that worked in her office replied to an email that seemed like it came from someone else within the company.

This happened because the employee didn’t take the time to review the email that the message was sent from. Typically hackers find a way to use a trusted email or link to get the information that they’re phishing for.

Scientists have proven that without thinking about it, your brain corrects misspelled words. Therefore, when someone receives an email or link that they commonly use, and one or two letters or numbers are out of place, their brains correct the mistake, and they never think anything of it.

Where does the issue come in, you might be wondering? In Corcoran’s case, the employee responded to the email with account information and authorization forms providing the hacker with what they needed to steal the funds.

When you receive a link, you’ve got to check the entire link. If there’s even one number missing, don’t click on it.

Donations Are Needed

We all have a soft spot in our hearts when helping and donating to the less fortunate. While in some cases, your funds do go to helping who it was intended to help.

In other cases, all you’re doing is lining the pockets of hackers. This type of phishing scam might come in the form of a telephone call because, after all, can someone effectively tug all the right emotional strings if you can’t hear the pain in their voice?

Once you’ve answered the phone, the hacker will then begin to go into detail, telling you a story that truly makes you sad for those less fortunate. When they’ve finished telling the story, they will then ask if you’d like to donate to their cause because ‘every little bit helps.’

Before you know it, you’re providing them with your credit card information, including card number, CVV, expiration date, and the name on the card. Once they’ve got this, they will drain you for as much money as they can, and you’ll never hear from them again.

Pop-Up Protection

Have you ever been on your computer, and a window popped up letting you know that your computer and files were unprotected? This is a pop-up phishing scam. What happens is you’ll begin to install the malware because you think you’re protecting your computer.

As your computer goes through the installation process, other installations are going on behind the scenes. Because of your initial installation, you’ve now given hackers complete access to your computer and any data that’s stored on it.

Whale Hunting

Sending emails to employees is one thing, but if a hacker thinks they can do it or have done it before trying to get the big fish to play their game. This means that they will pull out all the stops when sending the executives of a company emails or other messages to pursue sensitive data.

Why would an executive fall for such a trick, you might be wondering? Executives and others that are in higher positions are quite busy regularly. This means that they get multiple phone calls and thousands of emails every day.

While they should read every single word of the emails they are receiving, it doesn’t always happen. In a moment of simply not paying attention or being distracted by a phone call, they’ve given a hacker access to a companies larger files and money.

Before they’ve realized it, thousands have been stolen, and they are left baffled as to how it happened.

Recognizing Phishing Scams

Knowing the kinds of phishing scams out there is useless if you don’t know how to recognize them. There are specific things that stick out about phishing scams that will help you know that something isn’t quite right.

The first thing that should stick out when you’re looking at a phishing email is all the typos and other grammatical errors that are throughout the text. Even the most sophisticated hackers will make a mistake somewhere in the information they are putting to hook someone.

Another thing to look out for is if the email or link provided is missing letters and numbers. There’s no way an email or link will continue to work when it’s misspelled or missing letters.

If the email sent to you appears like it’s come from a notable company, but you’re not able to click anything within the email, it’s likely to be a scam. If the email you’ve received features a generic greeting, it’s likely that it’s a scam.

Especially if someone in your company has sent the email or message, the likelihood of them sending you an email with the greeting ‘hello dear’ is not only unprofessional, but it doesn’t happen. If you’re on the phone and the person you’re speaking to sounds like a recording, or as if they’re rushing you to hurry and provide you their information, it’s likely to be a scam.

Here are some ways that you can protect yourself from these attacks.

Set a Filter

Setting a spam filter on your computer will instantly take all emails that seem suspicious and send them to the spam folder. That way, you never have to see the email, and it reduces the likelihood of you making the mistake of providing sensitive information to someone that shouldn’t have it.

Setting a filter also means enabling your pop-up blocker. The pop-up blocker will ensure that any malware pop-ups prompting you to install them on your computer will all be blocked.

Again you’ll never see them because your computer’s firewall will be doing all the work for you.

Install Anti-Virus Software

If you’re working for a company, the best thing you can do to protect sensitive customer information is to partner with an outside IT company for all your anti-virus and malware needs. While you’re focusing on other aspects of the company, they will be monitoring your security and ensuring that data breaches don’t take place.

They can also provide you with backup and restoration services. This is helpful if files have been stolen and you need to recover the information for your clients before it’s too late.

Multi-Factor Authentication

Having a password on your computer and other devices that store data is the first step in protecting it. But, there is another step that you can take to ensure everything is safe, and even when your personal information is stolen, it can still be challenging to get into your accounts.

On your computer or your bank accounts, this means multi-factor authentication. When you enable this, it means once someone has gotten past the password, they will need to provide their thumbprint or a series of secret passwords to gain full access.

When they aren’t able to do so, the account will be locked, and you will be notified that someone is trying to gain access to your accounts. At this time, you might be prompted by your providers to update your passwords to ensure it doesn’t happen again.

Don’t Click Anything

This one seems like the most common sense tip of all the others we’ve provided, but you’d be surprised how many people still click on the links. If you have any idea or suspect that something isn’t right, don’t click anything.

It’s always better to call your supervisor and ask if they sent you a message or email. If they say no, you’ve got the confirmation you need to send that message to the trash bin.

Phishing: Not The Fish You Were Expecting

Phishing scams aren’t going anywhere anytime soon. As your company firewalls become stronger, so do the methods used by hackers. But, there are things you can do to keep them away, like updating passwords or finding quality malware to install.

If you’re in search of a provider that offers these kinds of services, contact BeStructured Technology Group. We know what we’re doing when it comes to cybersecurity and keeping your company’s data safe.

About Chad Lauterbach

CEO at Be Structured Technology Group, Inc. a Los Angeles based provider of Managed IT Services for small business. I desire to help small businesses better utilize technology by assisting in high level planning to make sure that new systems will benefit them both operationally and financially. I am careful to implement and support systems using industry best practices.