The Dangers of Phishing Alone
One of the most common methods cyber criminals use to infiltrate a company is to send a phishing email to an employee. Go it alone, and you’ll probably think, “Looks legit to me!” not knowing that this simple email actually contains malware that downloads to your computer, becoming an access point to infiltrate the company’s entire network system.
The List of “Don’t Trust!”
Cyber criminals are vicious in their efforts to trick employees into opening those malicious phishing emails. But you can be the first line of defense instead of the weak spot. Here are some tips.
- If an email asks for confidential information with mention of money, don’t trust it! Legitimate organizations never request sensitive information.
- If the email uses threats and pressure to scare you into providing information, don’t trust it. Contact the merchant or service directly.
- If you have signed up on a website that is careless about how it handles your email address, you will receive more spam and, as a result, face more chances of a phishing trip. Check the privacy policy of a website before you go after their services. Careless? Don’t trust it.
- If you receive an email that doesn’t seem to know you, don’t trust it. Spammers and senders of fraudulent email are unable to personalize their messages with your specific data because they don’t have it!
- If you find a form embedded in an email, don’t trust it. Forms that come from questionable sources don’t bother to encrypt the data, making whatever you enter vulnerable.
- If you can’t hover over a link and see exactly where an email link is pointed, don’t trust it! There are ways of hiding the actual destination behind a fake URL shown as the visible link text. Better to do your checking by typing the URL directly into your browser address bar.
- If you have an older computer and/or do not faithfully keep up with the software patches, then don’t trust your system. Update to reduce your vulnerability to phishing attacks.
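The embedded-form and hover-over-the-link tips above can also be checked automatically. The following is an added example, not part of the original article: it flags forms in an HTML email body and links whose visible URL names a different host than the real destination. The sample message, host names, and the function and class names are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body (not a real message; all hosts are placeholders).
SAMPLE_HTML = """
<a href="http://login.example-payments.test/verify">https://www.mybank.example/login</a>
<a href="https://www.mybank.example/help">Help center</a>
<form action="http://collect.example-payments.test/submit"><input name="card"></form>
"""

URLISH = re.compile(r"^(https?://|www\.)", re.I)  # visible text that claims to be a URL

def host(url):
    """Lower-cased host of a URL; bare 'www.' text gets a scheme first."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href, self._text = attrs.get("href") or "", []
        elif tag == "form":  # a form embedded in the email itself
            self.findings.append(("embedded-form", attrs.get("action") or ""))

    def handle_data(self, data):
        if self._href is not None:  # collect the text shown for the current link
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            if URLISH.match(text) and host(text) != host(self._href):
                self.findings.append(("link-mismatch", text, self._href))
            self._href = None

def audit(html):
    """Return a list of findings for one HTML email body."""
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    print(audit(SAMPLE_HTML))
```

Links whose visible text is a plain label, such as "Help center", are not flagged by this check, so hovering over them is still needed.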
Consider the Risk
Consider the risk of an attack where you are held ransom for 300 bitcoins, the going rate for most ransomware attacks and the equivalent of $7,800 at $26 per bitcoin, or the cost of a brand new laptop ($800-$1200). Is this a difficult decision? 34% of those attacked in the US paid on average $1000 in 2016. Of those only 47% received their files back!
Some people like taking risks. Here’s a pair of risks to consider: the rate of business ransomware attacks jumped from 1 every two minutes in January 2016 to 1 every 40 seconds by October. For individuals the increase was from 1 every 20 seconds to 1 every 10 seconds. And one more increase: the number of websites handling phishing email increased 250% from October 2015 to June 2016, or from 48,114 to 123,555 websites.
As a business, this level of risk is not good business. The better path is to invest in a secure network with a robust backup and data recovery system. Then take all the employees on a phishing trip! Learn how to resist the phishing lure with the List of Don’t Trust!
Another resource – Phishing Field Guide: How to keep your users off the hook!