If you’ve ever received an email from someone you know and communicate with regularly, but something about that particular message seems unusual, you could have been targeted in a phishing attack. Phishing emails are messages that appear to come from a trusted source, but the messages typically contain links to fake websites where you’ll be prompted to enter personal information like usernames, passwords, or credit card numbers, for hackers to collect and steal your identity.
So what’s the deal with phishing attacks? Keep reading to learn the ins and outs of how they work and what you can do to protect yourself and your business in the future.
Why Should You Care About Phishing?
Because it still works like a charm! Despite being around for decades, and all of the security awareness training and resources available to help people protect themselves from scams like these, phishing attacks still have a 74 percent success rate against businesses in the U.S. as of this year.
Phishing emails can be very difficult to spot if you don’t know what to look for. That’s what makes them so effective!
How does Phishing work?
The links in phishing emails can often lead you right into:
- A ransomware attack, which encrypts your files and requires payment for release
- A denial-of-service attack, which takes your website down for an extended period of time
- A malware attack that creates ‘back doors’ into your network for hackers to access at their leisure
Keep in mind that there are different types of phishing attacks in addition to those listed above, and every hacker’s motivations are different. But if you know the red flags, you’re highly likely to avoid falling victim to these attacks.
How to Spot a Phishing Email
Here’s the thing: That random email from your client that links to some weird website might actually be legit. You might automatically think it’s harmless, since you recognize the sender’s name. But don’t be tempted to click that link just yet! If you feel the message is suspicious, there are steps you can take to figure out whether the message is real, or not. Some of the tips might seem really simple and straightforward, and others might seem complicated. But all of these tips can help save you from getting phished. Try this:
- Verify the sender’s email address. If the email appears to have come from someone you know, double check to make sure it’s actually their email address.
- Ask the sender directly. Send a separate email or text to the sender and ask if they sent the message.
- Look the sender up online. If you don’t know the sender, look them up online to see if they’re a real person and if the email address in question belongs to them.
- Check the domain name. Hackers subtly change domain names. Ex: google.com (legit) vs. gooogle.com (phishing). If it’s a known domain, look closely to ensure it’s correct.
- Hover (don’t click!) over the URL. This allows you to see the actual link. Ex: ‘google.com’ in the email could actually lead to ‘fakepage.com’, the phishing site.
- Go directly to the site. If you aren’t sure it’s a phishing email but want to check it out, skip the link and go directly to the website.
- Train your team. Teach your employees how to spot phishing messages, and what to do if they receive one.
- Implement preventative measures. Set up anti-virus tools, enforce strong passwords, and take advantage of encryption technologies that can help reduce potential risks.
What to do if You’ve Clicked on a Phishing Email
If you’re reading this post because you accidentally clicked on a link in a phishing email and you’re not sure what to do next, breathe. We’re here to help. Here are some solid steps you can take immediately to get on the path to recovery:
Change your passwords, and turn on two-factor authentication. If you’re still able to log in to your accounts, change the passwords (yes, all of them!) immediately to kick anyone out that shouldn’t have access to your accounts. Also, by turning on two-factor authentication, you’ll be adding an extra layer of security that makes it difficult to access your accounts without additional verification.
Finally, call on the experts! We know that when it comes to security, it can become an information overload situation in a heartbeat. There’s so much to navigate and consider when it comes to protecting yourself, your business, and your clients in the online space. That’s why we do what we do. There’s a lot of information to navigate when it comes to protecting yourself and your business online. If you suspect you’ve fallen victim to a phishing attack and are concerned about data privacy, reach out to us. We can help you put the tools in place to strengthen your security and protect your data.