Phishing and Spear Phishing are becoming more common and more dangerous. It’s critical that all of your employees be aware of it and know how to spot it.
Phishing is any attempt to trick you into providing info or doing something. Most typically this involves sending an email (or text) that looks like a legitimate message from a legitimate company. (For example: You receive an email from your bank or Microsoft saying your account is overdrawn and asking you to click here to resolve the problem.) These messages can look very real. They may have the correct logos, graphics and format of legitimate emails from these companies.
Spear Phishing is much more targeted to you personally than a standard phishing attempt. It may appear to be from your boss, co-worker, vendor, or friend. It may reference something about your job.
For example: You receive an email claiming to be from your boss asking you to wire transfer money to some account. It has your boss’ name and you are the accounting person that he/she would normally ask this of. It may even reference some other specific info relevant to your job or your company. If you reply asking for more info or to confirm something they reply back answering your question.
Spam and Virus filters can stop some phishing attempts but unfortunately they are not very good at stopping spear phishing. These messages tend to look like normal emails and do not contain lots of graphics, language or bad links that would normally trigger the filters.
There are some services that can help identify spear phishing but they tend to be expensive. Ultimately the best protection is training and vigilance.
The best protection against phishing is awareness and training. Teach your users to watch for and recognize phishing attempts. In almost all cases phishing attempts can be identified if the user is paying attention and knows what to look for.
Before we discuss how to identify phishing attempts let’s talk about some other things you should do to keep yourself safe:
There are many ways to identify phishing attempts and a great resource is available at http://www.phishing.org/10-ways-to-avoid-phishing-scams. Here are some key things to look for:
Willits Technologies provides an anti-phishing service that scans your email and identifies Phishing and Spear Phishing attempts. It also learns the normal email addresses used by your employees in order to better recognize when an email comes from the wrong address. Like spam filtering services, anti-phishing services cant guarantee to catch everything but they are very effective and catch the vast majority of phishing and spear phishing attempts.
Ultimately, the best way to keep your business safe is to teach your employees how to recognize phishing attempts and to always be vigilant. Implementing a Security Awareness Training program can help with this. Security Awareness Training teach your employees how to recognize phishing attempts and sends simulated phishing attacks to test them on an ongoing basis. If an employee clicks on a test email, they are launched into more training. Over time this dramatically reduces your risk by keeping your employees well trained and alert. Willits Technologies provides Security Awareness Training for a very reasonable monthly fee.
Please contact us if you have any questions or to find out more about how Willits Technologies can help keep your business safe from Phishing.