Cyber attacks and COVID-19-related scams have skyrocketed over the past several weeks. Cyber criminals are taking advantage of both the public’s pandemic-related fears and the flood of businesses transitioning to remote workforces. A recent survey shared that more than a third of senior technology executives have seen an increase in cybersecurity risks as employees transition to working from home, and phishing attacks have reportedly risen by a drastic 600 percent.
In light of these numbers, it’s essential that business owners and employees do everything they can to optimize their cybersecurity practices against these targeted attacks
Every business should, of course, utilize software security solutions. But another essential aspect of your cybersecurity is knowing how to recognize and avoid phishing attacks. Here are some practices to implement to stay safe from phishing attacks.
Recognizing an Email Phishing Attack
Phishing emails are disguised to appear like they come from a trusted sender, but they attempt to solicit your personal information or infect your computer with malware through attachments or links. Luckily, there are some common characteristics that many phishing emails have. If you look out for these features, you have a better chance of recognizing a phishing email when you receive one:
- They use a fake domain name. Many phishing emails will be sent from an email address using a domain name that looks real at a glance but is slightly misspelled. For example, a sender might use the domain name @amazom.com instead of @amazon.com in hopes that recipients won’t notice the switch. If you receive an unexpected email, carefully read the domain name and check whether it is an email address that the company has used to contact you before.
- They ask for personal information. Phishing emails will often ask you to divulge personal information such as your phone number, Social Security number, bank number, or login information, or to make a payment. Personal information should never be sent via email, and you should only log in or make a payment by going directly to the company’s official site—never via a link sent in an email.
- They include suspicious attachments or links. If you weren’t expecting to receive an attachment or aren’t sure what’s inside, don’t click on it.
- They claim you’ve won something. Always be wary of claims that sound too good to be true—they usually are. Treat these types of emails with extreme caution, especially if they’re from someone you don’t recognize.
- They threaten negative consequences. A legitimate company will never use scare tactics to threaten you. Phishing emails may try to convince you that your account will be shut down or your Social Security number will be suspended if you fail to respond with your personal information, but this is not true. If you are worried, you should verify the claim’s validity by calling the company directly or emailing a customer service address found on their website.
- They include grammar mistakes or strange-sounding wording. Although real businesses may make the occasional spelling mistake, phishing emails often contain multiple mistakes or use wording that just sounds odd. Watch out for grammar mistakes and clunky sentences that don’t sound legitimate.
Coronavirus-Related Phishing Attacks
There are a number of specific coronavirus-related phishing attacks currently being used. Here are a few of the most common to be aware of:
- Criminals pretending to be the WHO: The World Health Organization is constantly posting updates on COVID-19’s spread and developments. Hackers are increasingly sending fraudulent emails claiming to be from the World Health Organization, encouraging you to click malicious links or open deceptive attachments.
- Criminals asking for information required for stimulus checks: As part of the CARE Act, the US government is sending stimulus checks to adult US citizens. One scam that capitalizes on these checks solicits your personal information. A scammer contacts a victim and insists that they hand over personal information in order to receive the check—but it is not necessary to give any information to receive a stimulus check. These claims are fraudulent and could result in identity theft and financial loss.
Follow Official Updates
It’s highly recommended that you keep up with official updates so that, in addition to watching out for phishing attacks in general, you can be prepared for attacks from new and unexpected angles or sources. The Federal Trade Commission is listing updates as emerging scams are reported. More awareness means better protection for your company.
Work with a Managed Service Provider
When you work with a qualified Managed Service Provider (MSP), you can receive comprehensive cybersecurity solutions. In addition to helping you choose and install software and equipment to keep your company safe, your MSP can help with other aspects of your security, including creating a plan for training your employees on cybersecurity practices and planning for your business’s continuity in case of future disruptions.
Following these suggestions will help you secure your business against cybercriminals and steer clear of phishing attacks, both now and in the future.