Phishing

Phishing scams are bountiful and consistently rank as one of the top cyber threats - add on the Covid-19 pandemic and with tax season only a couple months away - what you’ve got are ideal opportunities for phishing attacks and scams. The FBI’s Internet Crime Complaint Center reported that phishing schemes created $3.7 billion in losses to businesses and individuals in 2019 alone.

Cybercriminals often use malicious emails that are embedded with malware, viruses, or clickbait websites to access and harvest personal and sensitive data. In turn, the stolen information can be used for a myriad of activities ranging from fraudulent tax returns, stolen identities to accessing a business’ financial information. The Federal Trade Commission - Consumer Information provides helpful tips and practices to help protect your business from phishing scams:

1 - CONSIDER THE SOURCE:

Many phishing emails may look legitimate, but always proceed with caution. Thoroughly inspect emails - when in doubt, hover over the email address of the sender to ensure the email address matches the email address you expect. Emails should never ask for your passwords, social security number, bank account, debit or credit card numbers or security codes, or contain unsolicited attachments. If an email is riddled with grammatical errors, typos, or sent from a suspicious email address, delete it immediately and do not click or open any included links or attachments. Many email servers offer configurations to block and remove suspicious emails - consider turning these on.

2 - MOBILE PHISHING:

In addition to computer and email scams, hackers have taken their attacks into your mobile phones. For example, phishing texts are often sent with unsolicited links or ask you to provide a security code. If you don’t recognize the sender number, you can block it using your mobile phone provider’s settings or forward them to SPAM (7726).

3 - UPDATE SOFTWARE AND PASSWORDS:

Regularly update your computer’s security, antivirus, and firewall programs, phone software, and passwords. You can also set your computer and phone software to update automatically to protect yourself from digital security threats.

4 - USE MULTI-FACTOR AUTHENTICATION:

Multi-factor authentication adds an extra layer of security and makes it harder for phishers to access your accounts if they’re able to obtain your username and password. These additional credentials needed to access your accounts fall into two categories:

1) Something you have — a passcode you get via text message or an authentication app.

2) Something you are —  a scan of your fingerprint, your retina, or your face.

5 - PROTECT YOUR DATA, BACK IT UP:

Back up important data consistently - make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive and your phone’s data to any trusted cloud storage.

Being cautious is the best line of defense and imperative to protect your business from phishing vulnerabilities. Report phishing incidents to the FTC at ftc.gov/complaint. Forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.organd phishing text messages to SPAM (7726).