How To Spot A Phishing Attempt

What Is Phishing

Cybersecurity attacks are a major threat to organizations. According to the National Cybersecurity Alliance sixty percent of small to medium businesses that fall victim to a cyberattack, go out of business within six months.

One common cyber-attack method is called Phishing. Phishing is a socially engineered email scheme that attempts to trick a user into sending revealing information that can be used for fraudulent purposes.

These attempts can look very convincing even up to the point of copying a brand’s logo, theme, and colors. Often there will be a message in these emails that requires “urgent action”

A potential phishing scam could say something like this: “Your tax return at HR block has been rejected click here to fix this now” Or ” use this link to update your return now.” Once you have clicked the link in that message the criminals behind that attempt are able to gain access to what they want.

To help our clients spot real phishing attempts, we randomly send them fake phishing emails that we have created to trick them. Recently we sent one of these fake phishing attempts and the number of people who fell for it went up from our usual average.

Reasons Why Phishing Attempts Are More Likely Right Now

Phishing attempts rely on humans to make a mistake that allows the bad actor to gain the information they are looking for. This means that these messages will often relate to things that are currently going on.

There are a number of things currently going on in the U.S  that criminals might attempt to exploit in a phishing attempt.

  • Tax return season
  • Stimulus checks being deposited
  • Large scale COVID-19 vaccination
  • Returning back to the office
  • Returning to in-person schooling
  • Holidays

Tips for protecting yourself 

Although phishing attempts can be cleverly designed there are ways to spot them. One of the tell-tale signs of a phishing attempt is a sense of urgency. For example: “Your bank account password is about to expire change it now to avoid getting locked out”

If you are concerned that a request is not legitimate verify requests for sensitive information. Call your bank and ask them if they sent you an email asking you to change your password.

Attackers will pretend to be someone you trust. If you get an email from your “boss” requesting you send them over the client file you are working on immediately, that could be a red flag.  If you are suspicious do not click on any links, open any attachments, or reply to the sender.

One of the best things you can do to prevent yourself from becoming the next victim is to educate yourself! Sign up for one of our cybersecurity courses today!

July 14 10:00 AM (MT) – Cybersecurity 101 – Intro to Cybersecurity

July 28 10:00 AM (MT) – Cybersecurity 101 – Intro to Cybersecurity

Learn more about training here. Or contact us today to learn more about how we can help secure your business.