Written by Cheryl Blasnek, Vice President of One Step Secure IT Services
To understand how to help prevent phishing, we first have to understand what it is. Phishing is defined in the Oxford English Dictionary as: “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information.” More simply, it is a scam in which an Internet user is duped by a deceptive email message into revealing personal information such as passwords and credit card numbers.
These emails are generally set up to look like something you would not think of as spam. An example is an email that looks like a request to add someone to your LinkedIn network. An email such as this will actually link you to a website that appears to be what you are expecting, in this example a LinkedIn sign-on page, but it is a fake. When you provide your username and password on the fake website, the login info you entered is captured by another person, who then uses it illicitly. Your account login and password are now compromised.
These phishing emails attempt to mimic anything and everything, from your favorite social media website to something that looks like it came from UPS or from your bank saying there was suspicious activity on your account. They often suggest clicking a link and changing or using your password.
What can you do to protect yourself?
Here are three quick recommendations:
- Hover on links to check the actual URL: If you hover your mouse over the link in an email without clicking it, you can see where that link is going to send you. Doing this will often reveal a mismatch between who you expect the message to be from and where the link goes.
- Only click on trusted links: Many of the links to fake websites might use the actual business name or even the logo, but these links usually contain a misspelling of the expected business name or website URL.
For example, www.paypal.com and www.paypla.com look very similar if you aren’t paying attention. Pay attention. The best option is to not click links in emails at all, and to instead go directly to the website of the business you want to deal with by typing its address into the URL bar on your browser. This way you don’t run the risk of being fooled into clicking a fake link and being redirected somewhere malicious.
- Use a managed IT service like One Step Secure IT: One Step Secure IT provides Email Education to our customers to keep security against phishing top of mind for all employees. This program includes regular notices of current scams as well as simulated phishing emails (SPE). If an employee clicks on the SPE, they are notified of their mistake. These actions keep email security top of mind for our employees.
These are just three of the ways to protect yourself, and your business, against the onslaught of phishing attempts. One Step Secure IT would be happy to share other best practices to keep your business safe. If you would like more information on securing your network, please contact Jacque Pratt at firstname.lastname@example.org or 623-580-8181 Ext. 4128.