Cyber-criminals use email and text messages to trick you into giving them your personal information. These cyber-criminals are looking to steal your passwords, account numbers and other important data. Obtaining this information means criminals could gain access to banks, emails, or other accounts in turn causing a data breach, and with a study by IBM finding the average recovery cost of a data breach to be approximately £3.1 million, allowing this to happen would be catastrophic.
Often cyber-criminals will impersonate a business you trust. They’ll send emails/messages addressed as Amazon, Microsoft, or even your bank in the hopes you click a link or file that will subsequently download a form of malware or redirect you to a phishing webpage. According to TESSIAN 75% of organizations experienced a phishing attack in 2021, and they’re often successful. Cyber-criminals are only increasing their number of attacks, that’s why we’ve put together 6 ways you can avoid getting caught out by phishing.
Cyber-criminals are constantly adapting with new phishing scams. Unless you stay on top of these new tactics, you could inadvertently fall prey to one. We recommend you spend a little time each week briefly reading through the latest phishing news. By keeping yourself up to date you will be able to identify new threats as early as possible and will therefore be at a much lower risk of getting caught out by new tactics.
According to Forbes 95% of all data breaches are caused by human error, keeping employees educated should be a top priority. Ongoing security awareness training and phishing simulations for all employees is highly recommended in keeping cyber security as a top priority throughout your business.
One overlooked click is all it takes to causes a data breach that could cost millions. Using links on trusted sites shouldn’t be too concerning, however, clicking a link on an unexpected email or message is extremely risky. Check the URL of links by hovering over them, does it look like they’re sending you to where they are supposed to go? If you do click one of these links it may take you to a website identical to the company they’re impersonating, once on the site they will usually ask you to fill out private information in the hopes of capturing it.
If you receive what looks like a spam email your first instinct may be to unsubscribe but be wary, cyber-criminals know this and will often imbed bad links within the ‘unsubscribe’ text. If ever in doubt the best thing to do is contact the company directly. When contacting the company yourself, always find your own contact information online, because if it is a phishing email it will almost certainly contain incorrect contact information.
It doesn’t matter what online account it is, if you don’t visit it for too long cyber-criminals could be taking advantage of it. Even if the account has very little importance to you making sure to check in or taking the time to completely shut down the account is extremely important. Often people forget, accounts created for one-time purchases stay activated with your bank details attached. These accounts then stay dormant until a cyber-criminal eventually gain access to the account and the personal information in it.
Worryingly a study conducted by GetApp has found 56% of people still use the same password for multiple accounts. Make sure you change your password at least once a month and have a different password for each account. If you don’t cyber-criminals only need to steal your password once to gain access to all your accounts. Finally, as a general security practice, you should check your monthly bank statement carefully to ensure no fraudulent transactions have been made through unknown accounts.
Needing to fill out sensitive information online is inevitable, usually, this is completely safe to do, but that doesn’t mean you shouldn’t be wary. If you find yourself filling out important information online, it’s always worth checking the site’s URL begins with ‘https’ and that there is a closed lock icon to the left of the URL. This indicates a secure communication channel between the browser and the server on which the website is hosted.
Even search engines can show links leading to a phishing webpage, so it’s always worth using the tips mentioned above. If you are still not certain, you should search for the site’s security certification.
Almost all popular browsers allow you to install an anti-phishing toolbar. This toolbar acts as a constant guard by running quick checks on sites you visit and then comparing them to a list of known phishing sites. If a malicious site is found the toolbar will alert you. These Toolbars are usually free, so there’s almost no reason to not install one onto your browser. We must stress these toolbars will not work at identifying every single phishing page, and therefore if you still feel uncertain about a site contact the company yourself directly.
Everyone should have antivirus software on their device. Antivirus software holds special signatures that guard against known technology workaround and loopholes. If you do fall into the phishing trap by clicking a bad link, having a strong antivirus in place could be your saving grace. It’s important to keep this software updated. New signatures are constantly added to keep up with new cyber-attacks.
The rate of phishing attacks is at an all-time high. Cyber-criminals are constantly sending text messages and emails in the hopes you either click a bad link or give out valuable information such as, passwords and account numbers. If these criminals are successful, the consequences can be severe. Identity theft, financial loss and data breaches are a few of the things you can expect to encounter if you fall victim to a phishing attack. Implementing the points we’ve mentioned above will undoubtedly lower your chances of getting caught out by phishing.
The entrust IT Group have over 15 years of cyber security experience working with small and large businesses. Throughout these years we have educated customers and their staff on phishing as well as implementing some of the best monitoring and end-point security solutions – all of which significantly mitigate the risk of an attack occurring. Want to learn more about how you can stay cyber-safe or feel ready to put the right security solutions in place? Please feel free to get in touch with one of our experienced consultants on 0330 002 0045 or email enquiries@entrustit.co.uk