Phishing scams are rampant in today’s world and are of particular concern to those concerned about their IT security.  

We’ve all been there.  We get emails from a friend’s account that are off—maybe they are full of strange links or requests to send them money to get them out of jail or to help that one prince in Nigeria. (For what it is worth—Nigeria doesn't even have a monarchy. They are a federal republic whose elected leader is called the President.  Spoiler Alert: their President isn’t going to email you, either.) These are tell-tale signs of a hacking scam. In particular, a phishing scam though which bad actors attempt to gain access to private information.

Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Instead of hacking your software or devices, what they attempt to do is more sinister: they attempt to hack you. 

Whereas your company’s devices and data may be well protected, your employees may not be.  Knowing that the human element is your biggest weakness, social engineers often deploy phishing scams in order to trip them up, hoping to gain access to private information through a shared password.  The information most at risk in a phishing attack are passwords and sensitive account information such as credit card numbers, bank accounts, and electronic health records.  

Think of it as the technological equivalent of that scene in a lot of spy movies.  You know the one.  The bad guy is wearing a service uniform and has a lot of packages in his hands and can’t quite get the door open or reach his pass card or punch in the code. So, he nods and smiles to the receptionist and she buzzes him in. Then he whispers into his ear peace to the team in the pizza van out front, “I’m in.” 

Hackers use phishing emails to “get in”. And they aren’t always as obvious as a fake mustache and a navy jumpsuit from Acme plumbing.  Cybercriminals use phishing, the fraudulent attempt to obtain sensitive information such as credit card details and login credentials, by disguising as a trustworthy organization or reputable person in an email communication. They’ll look legitimate-ish.  

Their messages may sound genuine, and their sites can look like the real thing. It can be hard to tell the difference, but you may be dealing with a phishing scam if you see the following: 

• Requests for confidential information via email or instant message 
• Emotional language using scare tactics or urgent requests to respond 
• Misspelled URLs, spelling mistakes or the use of sub-domains 
• Links within the body of a message 
• Lack of a personal greeting or customized information within a message. Legitimate emails from banks and credit card companies will often include partial account numbers, username or password. 

HOW CAN A BUSINESS REDUCE ITS RISK OF FALLING PREY TO PHISHING SCAMS? 

Deploy a strong anti-phishing system to catch/filter phishing emails before they reach their intended recipients.

pim's business IT solutions (bits) goal is to detect, protect, prevent, and resolve common network and system threats before they happen. 

Industry data shows that network and system threats can be addressed ahead of time, downtime and costs can be dramatically reduced. pim's advanced managed threat response, powered by SOPHOS, has advanced threat hunting, detection and response capabilities that takes action to neutralize threats. 

BITS helps to achieve maximum computer system productivity while reducing the burden of day-to-day IT management through system management services (SMS), help desk support, assets reporting and management, monitoring, and encrypted remote tools. 

Train Your Employees. 

We cannot stress this enough.  Your employees are not only your weakest link, but also your greatest strength. When your team is equipped with information, they will be wiser and more apt to recognize phishing scams and not click suspicious links.  

Remind your employees of the following email best practices: 

1. Do not provide personal information or respond to any unsolicited requests for information. 
2. Only provide personal information on sites that have “https” in the web address or have a lock icon at the bottom of the browser. 
3. If you suspect you've received phishing bait, contact the company that is the subject of the email by phone to check that the message is legitimate. 
4. Type in a trusted URL for a company's site into the address bar of your browser to bypass the link in a suspected phishing message. 
5. Use varied and complex passwords for all your accounts. 
6. Continually check the accuracy of personal accounts and deal with any discrepancies right away. 
7. Avoid questionable websites. 
8. Practice safe email protocol:
   • Don't open messages from unknown senders. 
   • Immediately delete messages you suspect to be spam. 

Test Your Employees. 

Pim offers a phishing campaign wherein a sample of employees are tested after which you will receive a report with our recommendations.   

By working together with your employees and trusted IT security professionals, you can reduce your risk of falling prey to phishing scams.