Gone are the days when phishing attempts were easy to identify and limited to only emails. While malicious messages are nothing new, they’re becoming more sophisticated and harder to pick out from legitimate business communications. They are also coming at us through texts, social media chats and even phone calls.
A few simple actions with one of these messages can develop into a problem that spreads quickly across digital channels and devices, but there are things that you can do to defend against phishing attacks and resources that can help.
Vice President, Corporate Information Security Officer Jamie Neumaier knows a lot about tackling security threats. Jamie manages an information security team that works to ensure the people and systems at Erie Insurance stay as safe as possible. He answered questions about phishing scams targeting businesses and offered some useful security tips.
What is Phishing?
Phishing is malicious activity in which criminals try to gain access to a user’s information, data, or devices. The goal is to get you to act without taking a moment to think, and when you do, the phishers may:
- Gain access to data and information, which they can exploit.
- Install malware on your system.
- Prompt you to reveal your personal financial information for purposes of stealing money or your identity.
- Access your email and send other malicious messages to your contacts, to exploit others.
Are Businesses Especially Vulnerable to Phishing Scams?
Yes. With more work being conducted digitally, businesses of all sizes are susceptible to attacks. Attackers also assume that small businesses do not spend a lot of money or effort on their security measures, making them a potentially easier target.
Phishers can easily find your contact information online and be reasonably confident that any message they send you will at the very least be opened, because you’re in the business of being responsive. The phishing messages have also grown in sophistication, so it’s easy to be convinced to visit a malicious website or download an infected file that comes in a message that looks legitimate. If they happen to be the type of phisher who gives you a call, they can be very convincing in getting you to follow their detailed instructions to provide your valuable information or install their malware.
How do You Spot a Phishing Attack?
Phishing messages that are poorly written, offer you large amounts of money or ask you for financial assistance have been common for a long time. Most of us know not to open, click or respond to these messages. As mentioned above, phishing attempts aren’t limited to emails either. Hackers now use phone numbers like your mobile number to call you and attempt to have you reveal sensitive information. They may send you text messages as well.
More recently, phishing messages are being designed to look like other emails that you might receive. They may appear to be from someone you trust, like a bank, friend, software provider, retailer or vendor, but usually the timing of the messages is unexpected.
For instance, one common technique is for a hacker to gain access to an email account through a phishing attempt, then access the account and reply to a real email conversation with a malicious link. So, when the recipient receives this email, it looks like a continuation of an earlier conversation, but it asks the recipient to download a document or enter their credentials.
How Can Phishing Attacks be Prevented?
In the course of day-to-day business between you, your employees, customers, and other consumers in general, know what you’re working on. If you receive a message, phone call or email that is unexpected or seems even just a little bit off, verify the validity of the message before taking action. Call the person who appears to have sent the message and ask if he or she sent it. If the answer is no, it’s a malicious message.