Cyber Security: Phishing Attempts

Reality Alert

A small business had automatic payments set up to go to a vendor who provided their office supplies every month. One day an employee in accounting got an email that appeared to come from the vendor asking that payments to be sent to a different account. Not thinking twice, the employee changed where the payments were sent. Unfortunately, after a few months, the vendor contacted the business wondering why they weren’t getting paid. That’s when the business realized the payments had actually been going to a cyber criminal and not the vendor.

computer

Unfortunately, with rapidly developing technology, these types of scams are becoming more common. Many times, if an email appears legitimate, employees don’t take precautions because they don’t assume someone would be trying to steal money from their company. With today’s technology, however, it’s important to be suspicious of anything and anyone requesting account numbers or other sensitive information.

Phishing Attempts

According to the Department of Homeland Security, “Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information.” Many times businesses will get emails that look exactly like a real email from their bank or a vendor. They often ask for sensitive information to “verify your account” or claim they need to update the company’s information. Once users reply with the information or open a corrupt link in the email, the criminals use the information to access their accounts.

Tips to Avoid Phishing Attacks

  • If an email looks suspicious or has an offer that seems too good to be true, report it to your company’s IT department.
  • Question anything that requests personal information or asks that payments be changed, It’s best to confirm any of these types of changes over the phone with the company, rather than trusting an email.
  • Use a strong password with capital and lowercase letters and numbers/symbols.
  • Make sure your company’s computer system is equipped with updated anti-virus software.
  • Question any hyperlinks in unfamiliar emails. Hovering over the link will show the entire website address which can help verify if it’s legit or not.
Free Incident Reporting eBook