In the Fourth Annual State of the Phish Report by Wombat, 76% of the InfoSec professionals surveyed reported that they had experienced phishing attacks in 2017.
Phishing: The method of collecting data using emails, websites, and links that are designed to mimic trusted sources. Fraudsters trick users into disclosing private information such as passwords and credit card numbers.
While many attacks, 45%, were experienced via phone calls (vishing) and SMS/text messaging (smishing), certain templates garnered the most interactions. In Wombat’s study, 86% came in the form of online shopping security updates; 86% came in via corporate voicemail from unknown callers; and 89% as corporate email improvements. Plus, two simulated templates in particular garnered a near 100% click rate – one that was masked as a database password reset alert and the other claimed to include an updated building evacuation plan.
One of the best safeguards to prevent becoming a victim of phishing scams is to be alert and know how to spot fraudulent sites and emails.
Signs of a Phishing Site:
- Web address – misspelled or incorrect company names, or extra characters indicate illegitimate sites
- Pop-ups – if you are directed to a website that immediately displays a pop-up asking for your log-in credentials – beware! This is probably a phishing site.
Signs of a Phishing Email:
- Immediate action required – be suspicious of emails that include urgent calls to action, state that an account has been compromised, or will soon be closed. Be cautious of emails containing language about maintenance activities, upgrades, and routine security checks. Don’t be tricked into providing your confidential login credentials or personal data.
- Email domains – pay attention to the little details. Don’t trust the email from your favorite retailer if the address is firstname.lastname@example.org.
- Fake website links – beware of links to websites that contain fake logos to mirror the legitimate website. If the web address contains the official company name but is in the wrong position, the site may not be legitimate. When in doubt, navigate to websites directly versus using the links provided.
At the end of the day, be alert and vigilant! With care and diligence, you can keep yourself from getting a snagged in the harmful net of phishing.
It is also wise to consider seeking the support of an agnostic technology agent or consultant. This trusted advisor can help you review your business needs, gain a deeper overview of the wide range of solutions and how each one fits in with what you're trying to accomplish. In addition to assisting you with procurement, they can also handle ongoing care. To learn more about the benefits of working with a trusted advisor, click here.
Simplicity VoIP, based in Richmond, VA, provides hosted PBX, VoIP and business telephone solutions nationally to small, medium, and enterprise-level businesses for a comprehensive unified communications experience. Two distinct Class 5 geo-redundant VoIP platforms are offered in addition to fax-to-email, phones and equipment, and managed services. Named as Richmond’s 11th fastest growing company by Richmond BizSense, Simplicity VoIP’s key to success is its on-site service, installation and training supported 24/7/365 by a world-class client services team.