10 Tips To Help Employees Recognize and Prevent Phishing Scams

2020-04-23-10-Tips-To-Help-Employees-Recognize-and-Prevent-Phishing-Scams

Compliance training is taking on new relevance as organizations and their employees adapt to evolving changes caused by COVID-19. Unfortunately, criminals are exploiting the pandemic with sophisticated phishing scams that attempt to trick people into divulging personal and business data, sending in money or downloading malware attachments. Training employees on information security and how to keep confidential data out of the hands of cyber criminals has never been more important.

Phishing is a form of social engineering — the concept of exploiting human psychology to manipulate people into sharing personal or other confidential information via emails, texts, phone calls and social media. For example, criminals impersonating tech support staff trick employees into providing their passwords. Spear phishing is a form of phishing where fraudulent emails are sent to targeted individuals or organizations in an effort to access specific confidential data.

The Federal Trade Commission (FTC) says phishing emails and text messages often tell a story to deceive people into clicking on a link or opening an attachment by:

saying they’ve noticed some suspicious activity or log-in attempts
claiming there’s a problem with an account or payment information
requesting confirmation of personal information
including a fake invoice
wanting the recipient to click on a link to make a payment
saying the recipient is eligible to register for a government refund
offering a coupon for free stuff

Phishing Tips

As part of an organization’s ongoing cybersecurity training and communication, these 10 tips can help raise awareness of phishing attacks, change employee behavior and keep information security top of mind:

Think before opening emails from unknown senders.
Be wary of all attachments and scan them before opening.
Look for misspellings and poor grammar in emails. These are red flags for phishing scams.
Confirm that the name and the email address are consistent.
Hover the cursor over a link to see the address. If it’s different from the URL in the message, it’s probably a phishing email. Look out for variations, such .com and .net.
Retype the website address into the browser instead of clicking the link in the email. Do not copy and paste — it can be deceptive and add risk.
Be suspicious of messages that contain threats, request urgent action or create fear.
Don’t give out passwords or other personal information to anyone via email.
Be aware of fraudulent links posted on social media that compromise and infect the individual’s social media account and network.
Report any suspicious emails to a manager or the IT department.

It really comes down to being cautious and careful. Careful before opening an email from an unfamiliar sender, and extra careful before clicking a link or opening an attachment. And when in doubt, promptly contact a supervisor or IT.

Our Cybersecurity Awareness training helps employees understand how to apply cybersecurity hygiene to protect an organization’s digital infrastructure while ensuring compliance with relevant laws, industry standards and company policies.

We also offer Phishing Simulation as a way of giving employees a practical, hands-on experience to improve their ability to spot phishing threats.