About a third of all successful data breaches involve phishing, a scheme in which scammers pretend to be a legitimate entity in order to trick users into giving up personal information such as passwords and credit card details. Phishing scams are usually sent via email, but they can also be delivered through Short Message Service (SMS) or voice calls. As long as businesses use email systems and mobile devices, they will be subjected to numerous and sophisticated phishing attacks.
While there are security solutions that can help identify and get rid of emails containing malicious links, businesses should also train their workforce in recognizing phishing scams. Per Verizon, 17% of breaches are due to error — that’s almost one in five security incidents.
To keep company data secure, every person in an organization should be knowledgeable in spotting phishing scams. But how familiar are you with the tactics phishers employ? Take this quiz to find out.
1. You receive an email from your bank saying that your account has been locked due to suspicious withdrawals. To unlock your accounts, all you have to do is click on the embedded link and verify your identity. What do you do?
A. Click on the link to unlock the account.
B. Call my bank to verify the claim.
C. Reply to the email to ask for more information.
Phishers want your personal details and they will use any means to get them, including sending ominous, panic-inducing messages. The above scenario, for instance, creates a sense of urgency and counts on you to act before you think.
If you get a message about your bank account being locked, call your bank. Tell the customer representative about the email you received; they will be able to verify the legitimacy of the email. Do not reply to the email to ask for more information. If you want to know further details regarding your account, ask your bank instead.
2. You get an email saying that someone has tried to log into your social media account. To secure your data, you have been given a link to a verification page and a unique code that you must enter alongside your username and password. What do you do?
A. Check the sender of the email as well as the given link.
B. Click on the link and enter the verification code.
C. Delete my social media account.
Enabling multifactor authentication (MFA) is recommended to better protect your accounts against unverified user access. However, as demonstrated in the example above, phishers can also use it to gain people’s trust.
If you receive an email supposedly containing an MFA code, beware. Double-check the address from which the message was sent: some phishers create email addresses that look like they came from legitimate institutions. Also, hover your cursor over the link provided to check where it will redirect. Phishers usually create a dupe site that looks just like the authentic one. In some cases, only the domain name will be different, for example, instagram.cf instead of instagram.com.
Once you verify that the message neither comes from a legitimate source nor redirects to a safe website, block the sender. There’s no need to delete or deactivate your social media account.
3. A request for an urgent Zoom meeting with your manager arrives in your inbox. It mentions something about your job performance that should be addressed right away. What do you do?
A. Reach out to a trustworthy colleague to discuss the situation.
B. Use another channel of communication to talk to my manager about the Zoom meeting request they supposedly sent.
C. Join the meeting. I cannot risk my job.
The COVID-19 pandemic has made Zoom meetings an essential part of business operations. Unfortunately, the introduction of videoconferencing platforms into workflows has also given phishers more avenues to exploit. For one, they are taking advantage of communication breakdowns between management and employees and sending fake Zoom meeting requests.
Contents of these requests vary, from discussing new company policies to warning about an impending job termination. If you receive a meeting request which you’re not expecting, verify its legitimacy by talking to the sender through another channel.
Constant vigilance is necessary to avoid committing cybersecurity errors that can put the company at risk. Always check the sender’s email address and the embedded links in the emails you receive for anything suspicious.
It also helps to employ cutting-edge cybersecurity defenses to protect your systems against phishing, malware, and other cyberthreats. SpectrumWise’s seven layers of security are designed to give your business complete and comprehensive protection. Send us a message to learn more about our services.