Phishing scams are making the news again. This time a very believable scam targets Google users. If you think you know everything about protecting yourself, be aware that many tech-savvy users were duped on this one.
Here’s how they did it and how you can protect your business and employees.
What is a Phishing Scam?
Phishing scams often use emails requesting information to lure a recipient into giving up personal information such as a Social Security number, account number, or password. These cyber criminals frequently send requests that appear to come from well-known businesses or people the recipient knows. They learn whom to impersonate from a hacked account.
In the case of the latest Google phishing scam, the perpetrators sent an email from one of the recipient’s contacts along with an image. When the recipient clicked on the image, it opened what appeared to be a Gmail login page. However, if you enter your information on that page, you’ve been victimized.
What differentiated this phishing scam from what we’ve seen in the past is the level of sophistication. It was reported that one recipient received an email from a known contact with a subject line he had used before. Also, the attachment was an athletic schedule he had been waiting on.
The detailed information the cyber criminal was getting from the hacked account makes for a much more believable situation.
Your Business Will Never Be the Victim of a Phishing Scam
Let’s be honest: your business will never be a victim of a phishing scam, but your employees will be, and thus your business is at risk. Phishing scams work through email and prey on the gullible, the uninformed, and those rushing too quickly through their email inboxes. Since it can happen to anyone, it’s important you protect your business by educating your employees and teaching them these five things:
- Look at every email carefully before clicking on anything, even if you know the sender. Don’t click on a link in an email that has no subject line or no content other than the link. If you receive an email with only a link and you think it might be legitimate, contact the sender by sending a separate email. This goes for companies too. When in doubt, contact them directly from their website.
- Hover over links before clicking on them to see where they go. Cyber criminals know that people do this, and they often use very long URLs that contain parts of the company name you’d expect and then tack on much longer redirects at the end. Look at the whole URL, not just the first ten characters.
- Never send personal information over an email. If you need to give a credit card number to someone, call them or use a secure site.
- Don’t enter personal information in a pop-up screen. Yes, marketers love pop-ups to get our attention, but a legitimate business doesn’t use them for entering or verifying personal information. They’re going to direct you to a secure site page.
- Know the limits of government. You will NEVER receive information from the IRS through email. They don’t use it to contact constituents. Neither do courts or police departments trying to get you to pay speeding tickets.
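The hover check in the second tip can also be done by a mail filter or help desk tool. The Python sketch below is an added example, not part of the original article; it assumes google.com is the domain the brand really uses, and every sample link is constructed.

```python
from urllib.parse import urlsplit

# Assumptions for this sketch: the domain the brand really uses, and its name.
TRUSTED_DOMAIN = "google.com"
BRAND = "google"

def inspect_link(url, trusted=TRUSTED_DOMAIN, brand=BRAND):
    """Return (host, flags): the host a browser would contact, plus warning flags."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if parts.username is not None:
        # Everything before '@' is a username, not the site being visited.
        flags.append("userinfo-before-host")
    # Hostnames are read right to left: only a match at the END counts.
    if not (host == trusted or host.endswith("." + trusted)):
        flags.append("untrusted-host")
        if brand in host:
            # The expected name is present, but only as a decoy subdomain.
            flags.append("brand-in-host")
        if brand in (parts.path + "?" + parts.query).lower():
            # The expected name appears only in the path or a redirect parameter.
            flags.append("brand-after-host")
    return host, flags

# Constructed sample links (".example" is a reserved, non-resolving TLD).
SAMPLES = [
    "https://accounts.google.com/signin",
    "https://accounts.google.com.secure-login.example/signin?continue=inbox",
    "https://accounts.google.com@login.example/ServiceLogin",
    "https://redirect.example/r?u=https://accounts.google.com/signin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        host, flags = inspect_link(link)
        print(f"{host or '(none)':45} {', '.join(flags) or 'ok'}")
```

All four links begin with or contain the same familiar text, yet only the first resolves to a host under the trusted domain.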
Finally, if you receive anything that makes you leery, it’s better to be safe than sorry. Contact your IT department and ask them to take a look for you. Phishing is different from a virus. The harm is in giving out the information, but it’s still best to get tech involved as soon as possible.
If you’re feeling the burden of cyber security and want your business to be safer than it is, consider managed IT services. At CIO Tech we can ensure you’re always up-to-date with the latest software patches and your servers are monitored for breaches.