Have You Prepared Your Employees to Catch Phishing Attempts?

While it initially sounds promising to hear that the number of data breaches seen last year went down significantly, it is important to recognize that the number of data records leaked as a result more than doubled. One clear cause was the resurgence in the use of the underhanded malware variety known as ransomware. With this trend suggesting that the ransomware threat is growing, can you confidently say that your business’ team is ready to deal with it?

For your business’ data and operations to remain secure, you will need to take a two-pronged approach—both teaching your team to avoid phishing and evaluating them on their overall preparedness through simulated attacks.

How a Phishing Attack is Carried Out

To start, let’s review the overall process that the average phishing attack tends to follow:

  1. Posing as someone else, an attacker sends a message.
  2. This message can be written in a few different ways, framed as an enticing offer, a very unremarkable email, or a serious alert.
  3. Whatever the case may be, the user is encouraged to react by opening an attachment or following a link.
  4. Because the attachment or link is what introduces the actual threat, the email itself can often bypass security protocols and reach the unsuspecting target.

This—and the fact that a phishing attack against you is practically guaranteed to happen at some point—is precisely why it is so important that your team is prepared to spot them as they come in.

Elements of Identifying a Potential Phishing Attack

Have Your Team Think Like a Hacker

Hackers and scammers are unfortunately very crafty when it comes to their schemes, often tying in current events to add some perceived legitimacy. The past year has seen no shortage of COVID-19-themed phishing attacks, seeming to offer updates and information.

Hackers rely on user panic and impulsive reactions, so reinforce how important it is that your users take an extended look at these messages before acting on them.

Demonstrate Risky Links

Hackers will also commonly use spoofed links to fool their targets. A spoofed link can take a few forms, but regardless of how it looks, it will direct a user to a website different from the one they expected to go to.

Spotting these links can be tricky, so here are a few best practices to follow. Let’s assume that the spoofed link is meant to look like one that directs to the payment application Venmo as we go through some examples:

If the email is from Venmo, a link should lead back to venmo.com or accounts.venmo.com. If there is anything strange between “venmo” and the “.com” then something is suspicious. There should also be a forward slash (/) after the “.com.” If the URL was something like venmo.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a rule of thumb:

  • venmo.com - Safe
  • venmo.com/activatecard - Safe
  • business.venmo.com - Safe
  • business.venmo.com/retail - Safe
  • venmo.com.activatecard.net - Suspicious! (notice the dot immediately after Venmo’s domain name)
  • venmo.com.activatecard.net/secure - Suspicious!
  • venmo.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!
  • vemno.com - Suspicious! Be careful to pay attention to the spelling!

As you can imagine, some of these tricks are easier to spot than others, so extra diligence will be called for here.

Provide Your Team with Approved Links

To be particularly cautious, you could also consider giving your team the safe versions of the URLs they are to use. That way, they can seriously investigate the validity of an email without exposing themselves to risk.
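
The link rules of thumb and the approved-links idea above can be combined into one automated check. The following is an added example, not code from the original article; the names `APPROVED_DOMAINS`, `classify_link` and `edit_distance` are hypothetical, and the approved list is assumed to contain only the Venmo domain used in the samples.

```python
from urllib.parse import urlsplit

# Assumption: the approved list holds only the domain used in the article's examples.
APPROVED_DOMAINS = {"venmo.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss spellings of an approved domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'safe' or 'suspicious'."""
    try:
        parts = urlsplit(url if "://" in url else "https://" + url)
    except ValueError:
        return "suspicious", "link cannot be parsed"
    # The hostname is everything between the scheme and the first slash.
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "suspicious", "link has no hostname"
    for domain in APPROVED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            # Article's rule of thumb: distrust dots after the domain. This is
            # deliberately strict and also flags paths such as /statement.pdf.
            if "." in parts.path:
                return "suspicious", "dot found after the approved domain"
            return "safe", "hostname ends with approved domain " + domain
    for domain in APPROVED_DOMAINS:
        if ("." + domain + ".") in ("." + host + "."):
            return "suspicious", domain + " is not at the end of the hostname"
        tail = ".".join(host.split(".")[-(domain.count(".") + 1):])
        if 0 < edit_distance(tail, domain) <= 2:
            return "suspicious", tail + " is a near-miss spelling of " + domain
    return "suspicious", "hostname is not on the approved list"

if __name__ == "__main__":
    # The eight sample links from the article.
    for link in ["venmo.com", "venmo.com/activatecard", "business.venmo.com",
                 "business.venmo.com/retail", "venmo.com.activatecard.net",
                 "venmo.com.activatecard.net/secure",
                 "venmo.com/activatecard/tinyurl.com/retail", "vemno.com"]:
        print(link, "->", *classify_link(link))
```

Anything that is not on the approved list is reported as suspicious by default, so the list should be extended with each domain your team is expected to use.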

Maintain Secure Password Standards

Finally, you need to ensure that your team’s passwords are secure enough that your business isn’t vulnerable that way—because if passwords are too easy to deduce, there isn’t going to be any need for phishing in the first place. Your team should also be supplementing these passwords with additional measures like two-factor authentication, making a breach that much more challenging for a hacker to pull off.

Testing Your Team

Once you’ve taught your team the various things they’ll need to know, you should also confirm that they can apply them. A phishing test is an effective means of doing just that. In a phishing test, you have your own team members phished to evaluate how vulnerable they are to this form of attack. That way, you know where more training needs to be applied.

What a Successful Phishing Test Involves

An effective phishing test, naturally, cannot be one that is expected. Any warning you give should be vague so that your team isn’t on their guard more than they would normally be.

At the same time, you need to be ethical in how you run these tests. Too many companies have received backlash after running phishing tests with questionable tactics, and such tests don’t do much to benefit your security. As with everything else, your phishing tests cannot infringe on the trust of your team.

Speaking of trust, you can trust White Mountain IT Services to assist you with your security needs. Call 603-889-0800 to find out more.
