What is ‘Phishing’?
Phishing is the practice of sending emails, pretending to be reputable companies in order to attempt to persuade individuals to give up valuable information such as passwords or credit card numbers etc.
It is important that you review the privacy settings for any social media accounts such as WhatsApp, Slack, Skype, Facebook messenger and any other messaging service. Having the highest privacy settings ensures only known contacts can see your personal information. It will also help to mitigate the risks of a phishing attack or identity theft. Often scammers use these programs as a starting point to begin their phishing.
Common Phishing example: A fake email/message might be sitting in an inbox, prompting the account owner to click on a link to a dummy website where the account owner will be forced to enter their username and password. Some cyber criminals take the extra step of locking out employees from their own account and changing passwords.
Scammers “watch” the digital activity of unsuspecting employees, looking for passwords to access or hack servers. As we’ve recently seen, Toyota fell victim to cyber hacking which tells us that not even multinational companies are safe! The reality is ANYONE or ANY BUSINESS could be hacked. So, what are some of the warning signs to look out for?
- You receive an email, text or phone call claiming to be from a bank, delivery, telecommunications provider or other business you regularly deal with, asking you to update or verify your details;
- The email or text message does not address you by your proper name, and may contain typing errors and grammatical mistakes or sir/madam;
- The website address does not look like the address you usually use and is requesting details that the legitimate site does not normally ask for;
- You notice new icons on your computer screen, or your computer is not as fast as it normally is.
How to prevent this from happening?
- Have an Internet and Email Usage Policy that is up to date and ensure all staff properly read and understand what do to in the event of this happening
- Multi-factor authentication across all accounts to secure the business from theft
- Increase employee awareness through training workshops or presentations, encouraging them to flag any suspicious emails
- Use a password manager on your files or web pages
- Invest in top of the range security software that will make your business a harder target