In the modern world of technology, much of our personal data is stored in emails, online, and on our phones. A ‘Phishing Attack’ is an attempt to steal vital information (such as passwords, credit card details or bank information) or to spread computer viruses that can disrupt a company. It is estimated that over 80% of organizations fell victim to a phishing attack last year.
What is a Phishing Attack?
“Phishing” attacks involve malicious actors who send messages/emails to unsuspecting groups while pretending to be a trusted person or organization. The purpose of these actions is to trick recipients into following a link and/or replying to the message with the goal of stealing the user’s personal information or credit card numbers.
Phishing attacks involve malicious actors sending emails to people who, believing they know the sender, provide sensitive information.
Types of Phishing Attacks
Phishing attacks can be very sophisticated and come in many forms. The most common type is a mass email sent from what appears to be a legitimate source (such as a bank, large corporation or store). Often you can spot a fake email because it substitutes a character or symbol to appear as close as possible to the legitimate company. These emails are then produced on a mass scale and emailed out to hundreds of individuals in the hope that someone divulges personal information (it’s important to note that in most cases, established organizations will rarely ask for your personal details out of the blue). Many phishing emails are discovered as fraudulent because they are not formatted correctly, have typos or spelling mistakes, or have an unusual website link.
There is a much more calculated approach sometimes known as ‘Spear phishing’. In this case, a malicious email is sent to a specific target when the perpetrator already has information such as their name, employment, or bank details. This makes the emails look much more convincing.
‘Whaling’ is another phishing approach that targets high-profile individuals within a company, often at the C-suite level. This can be through traditional techniques of trying to convince an individual to reveal personal information, or through personalized messages with malicious email links.
Another advanced method of acquiring important information creates a fake website domain where unsuspecting individuals enter personal details. The name refers to the lack of the HTTPS (or SSL padlock symbol) at the beginning of a website link that traditionally indicates it is safe and secure.
Steps to Avoid Phishing Attacks
Unfortunately, phishing attacks are becoming more commonplace. To keep you and your company safe, follow these steps if you are unsure of an email’s legitimacy.
- Look at the sender’s domain name and email address. Check to make sure the sender is from a valid domain that you are familiar with. If the sender or link is not from a valid domain that you are familiar with, or is one you have never seen before, do not open it.
- Never click the link inside an email if the sender is unknown to you.
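- If you are redirected to another site from a message, never enter information into an unsecured website. If the URL doesn’t start with “HTTPS” or does not have the locked icon in the URL bar, it is not secure. The padlock shows only that the connection is encrypted, not that the site is genuine, so check the domain name as well.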
- Be vigilant about changing your password. It is recommended you do so every 90 days. In the event you do have a password compromised, changing it will remove the attacker’s access to the account.
- Keep your operating system and software (such as web browsers) up to date with the latest version and security options.
- Don’t give out your information unless you 100% trust the website.
- Consult with your IT team to ensure all firewalls are in place and to ask whether any other security software can be added for additional protection.
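The sender-domain and link checks in the steps above, including the character-substitution trick described earlier, can be partly automated. The following Python is an added example, not YATCO's code; the trusted-domain list, the sample message and every function name are assumptions chosen for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit
# Constructed allowlist (assumption): domains this recipient really deals with.
TRUSTED = {"example-bank.com", "example.org"}

def skeleton(domain):
    """Undo common character swaps (rn->m, vv->w, 0->o, 1->l, 3->e, 5->s)."""
    d = domain.lower().replace("rn", "m").replace("vv", "w")
    return d.translate(str.maketrans("0135", "oles"))

def edit_distance(a, b):  # Levenshtein distance: catches a dropped or swapped letter
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(domain, trusted=TRUSTED):
    """Return 'trusted', 'lookalike of <name>' or 'unknown' for one domain."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    for t in sorted(trusted):
        near = skeleton(domain) == skeleton(t) or edit_distance(domain, t) <= 2
        if near or t in domain:  # e.g. trusted name used as a subdomain prefix
            return f"lookalike of {t}"
    return "unknown"

def review_message(from_header, links, trusted=TRUSTED):
    """List the reasons to distrust a message; an empty list means none found."""
    findings = []
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2]
    verdict = check_domain(sender_domain, trusted)
    if verdict != "trusted":
        findings.append(f"sender domain {sender_domain}: {verdict}")
    for link in links:
        url = urlsplit(link)
        if url.scheme != "https":
            findings.append(f"link {link}: not HTTPS")
        verdict = check_domain(url.hostname or "", trusted)
        if verdict != "trusted":
            findings.append(f"link host {url.hostname}: {verdict}")
    return findings

if __name__ == "__main__":  # constructed sample, not from a real campaign
    print(review_message('"Example Bank" <alerts@examp1e-bank.com>',
                         ["http://example-bank.com.login-verify.net/reset"]))
```

The From header of an email can be forged, so a "trusted" result here is a reason to look less hard, not proof of origin.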
YATCO’s online safety measures
With YATCO, you can rest assured that our team takes all necessary measures to keep your data safe and secure. Some of our security measures include:
- Data encryption. All YATCO data is encrypted.
- No external connections to database: Our database only speaks to an internal secure web server.
- Dedicated I.P. addresses ensure only your office or dedicated I.P. can access the data.
- Two Factor Authentication.
- Customizable screen lockdowns from erroneous activity.
- 24/7 help desk support and local service in Europe and the U.S.
Takeaways: How to avoid being a cyber scam victim
- Do not respond to emails or communicate with unknown senders.
- Do not provide any personal or financial information to untrusted sources.
- Avoid clicking on links included in emails or downloading random attachments.