Phishing – what is it and how to avoid it
We answer the following questions about phishing:
- What is a phishing attack or scam?
- How can you avoid phishing scams?
- How can you minimise the effects of a phishing scam?
Example of phishing
Picture Jane’s popular and respected law firm.
One day, Jane gets a very official looking email with the subject: “ALERT: Your Bank Account Has Been Hacked”.
Inside that email is a link to a site where Jane can supposedly enter her business’ account info and see if it’s safe.
Jane is concerned and considers clicking the link to see her account status, but she also knows this could be a scam.
What move do you think Jane should make? The email she received seems just as suspicious as that milk that’s been sitting out since yesterday.
As a matter of fact, it might be an example of “phishing”.
So what is phishing?
In short, phishing is when a scammer makes an email appear as if it’s coming from an official source in order to obtain your sensitive information.
The emails usually look like they were sent from a government agency, a business partner, or bank, requesting that you provide your account or personal info, and open an online door to danger.
They can even contain official logos and addresses that are legitimate.
Has an official-looking email ever shown up in your inbox with a heart-attack-inducing message about your bank account?
Remember this: a subject written to make you see red might just be a red flag.
If you aren’t sure whether an email is real or a scam, it’s better to err on the side of caution and leave it alone.
Furthermore, if the email has an attachment to open or a link where you can ‘verify your info’ – move your mouse away.
The above are the most common signs that something is amiss.
Being cautious with your work email isn’t just the type of warning your parents gave you about putting on a scarf on a cold day.
A phishing scam can lead to identity theft, theft of money, or worse.
Once you know what to look for, it’s important to know what to do next.
How to avoid getting scammed?
Some phishing is so blatant that you can immediately spot it and mark the email as spam, and move on.
But if you’re even a tiny bit unsure, you can do more to check the email’s validity.
First of all, look closely at who sent the email. Does the email address look legitimate, or is it a personal Gmail or Hotmail address?
Even if the email seems to have come from a reputable organisation, it’s best not to be tempted to click the link.
Keep in mind that most major banks and government agencies have policies against asking you to address account issues through email links. They are aware of phishing scams.
The best way to protect yourself is by visiting the company’s website and checking your account directly.
Alternatively, you can call the official customer service line to verify it’s an actual alert.
Calls to banks and governmental organisations are usually free of charge.
And this way, you’ll be going straight to the source, where you can ask them whether the email is real or not and deal with any problems there and then.
If the email comes from an unknown source that still seems legitimate, you can search online to see if other people received similar messages and publicly reported a scam. A lot of people report them in order to alert others so that they don’t get scammed. Again, if you are unsure, it’s best to contact the company directly, using a contact method provided in a past statement or letter from them, or on their official website.
Protect yourself and don’t click on the link in the email – it could take you to a dangerous website with a virus.
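The checks above (who really sent the email, whether it comes from a personal webmail address, whether the subject is written to make you panic, and whether a link’s visible text matches where it actually points) can be automated as a first-pass filter. The following is an added example written for this article, not code from the original page: it scores a raw email for those indicators. The free-mail domain list, the urgency word list and the sample messages are constructed for the example; the reserved `.example` and `.invalid` domains stand in for real ones.

```python
"""Score a raw email message for the common phishing indicators described above."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lists for this example; a real filter would maintain larger, tuned sets.
FREE_MAIL_DOMAINS = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
URGENT_WORDS = ("alert", "hacked", "verify", "suspended", "urgent", "immediately")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lowercase hostname of a URL or bare domain ('' if none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    indicators = []

    # 1. Who sent it? A personal webmail domain claiming to be a bank is a red flag.
    _display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    if sender_domain in FREE_MAIL_DOMAINS:
        indicators.append(f"sender uses a personal webmail domain: {sender_domain}")

    # 2. Replies silently routed to a different domain than the apparent sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_to.rpartition("@")[2].lower()
    if reply_domain and reply_domain != sender_domain:
        indicators.append(f"Reply-To domain {reply_domain} differs from sender domain")

    # 3. A subject written to make you see red.
    subject = msg.get("Subject", "").lower()
    hits = [w for w in URGENT_WORDS if w in subject]
    if hits:
        indicators.append("urgent language in subject: " + ", ".join(hits))

    # 4. Links whose visible text names one site but whose href goes somewhere else.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in collector.links:
            looks_like_domain = "." in text and " " not in text
            if looks_like_domain and _host(text) != _host(href):
                indicators.append(f"link text {_host(text)} points to {_host(href)}")
    return indicators


def is_suspicious(raw_message):
    """Treat two or more independent indicators as worth a phone call to the real company."""
    return len(phishing_indicators(raw_message)) >= 2


# Constructed sample resembling the email Jane received.
SUSPECT_EMAIL = """From: "Example Bank Security" <alerts@hotmail.com>
Reply-To: recover@example-bank-verify.invalid
To: jane@lawfirm.example
Subject: ALERT: Your Bank Account Has Been Hacked
Content-Type: text/html; charset="utf-8"

<html><body><p>Click
<a href="http://login.example-bank-verify.invalid/verify">https://www.example-bank.example</a>
to verify your info.</p></body></html>
"""

# Constructed benign message for comparison.
BENIGN_EMAIL = """From: statements@example-bank.example
To: jane@lawfirm.example
Subject: Your monthly statement is available
Content-Type: text/plain; charset="utf-8"

Log in to your account as usual to view your statement.
"""

if __name__ == "__main__":
    for line in phishing_indicators(SUSPECT_EMAIL):
        print("-", line)
```

The script does not replace the advice above: an email with no indicators can still be a scam, and a legitimate alert can trip the urgency check. It is useful as a triage aid that tells you which messages deserve the phone call to the official customer service line.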
What about your employees?
Educate and inform your employees about phishing scams.
Make sure they understand the types of attacks they may face.
Conduct training sessions with mock scenarios to help them understand the risks. You could also deploy spam filters (keep in mind they are not always 100% effective) and/or invest in security software.
Keeping all of your systems with the latest security patches and updates could also help.
I think I have fallen victim to a phishing scam. What should I do now?
Remember Jane and her law firm? She panicked, clicked the link, and put in her account info. So, should she freak out now? No way.
If you think you have fallen victim to a phishing scam, the first thing you should do is change the online passwords for your law firm’s or business’ vital accounts, including your bank, credit card, social media, etc.
This is especially important if you are using the same password for multiple sites or accounts, which is not recommended. If you are, change them as soon as possible. Why? Because it’s the best way to protect yourself against follow-on attacks. Each one of your accounts will need (and really should have) its own unique, long, and complex password. That way, even if one of your accounts gets compromised, the damage can be contained.
While you are changing your business’ passwords, you should also check your online account and payment settings. This is to make sure that the phishing hasn’t already caused any damage or loss.
Lastly, you should call your bank and secure any and all documents, which can keep your business’ or law firm’s finances from being affected.