Phishing is a well-known type of social engineering attack, and yet an estimated 80,000 people fall for phishing scams every day.
These malicious emails or texts are crafted to look like they come from a legitimate source, but their goal is to trick the recipient into handing over personal data such as credit card numbers or login credentials. Some carry links or attachments that install malware, which can wreak havoc on a company network and cost the company a fortune in cleanup, fines, and lost customers.
Depending on the permissions granted to the compromised account, a successful phishing attempt can give an attacker access to the organization's most sensitive databases and applications or, in the case of a ransomware attack, let them encrypt business-critical data and threaten to leak it if the ransom isn't paid.
In recent years, ransomware operators shifted away from email toward exposed public-facing servers and unpatched vulnerabilities in enterprise networks, but security experts are now seeing a resurgence in email-delivered ransomware. Email fraud remains lucrative in its own right: the FBI's Internet Crime Complaint Center reported that business email compromise (BEC) caused roughly $1.7 billion in losses to U.S. companies in 2019.
Cybercriminals are constantly changing their tactics, but there are a few telltale signs that an email may be a phishing scam. Malicious emails often claim to be from a known or trusted source, such as a bank, credit card company, social networking site, or online store. Because the display name shown by a mail client can be set to anything, always check the actual sender address. That address may closely resemble the legitimate company's, with discrepancies such as slight spelling differences, missing or swapped letters, digits standing in for letters, or altered punctuation, like an underscore or hyphen where a period should be.
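The look-alike checks described above can be automated. The following is an added example written for this page, not code from the original post or from Arcserve or Sophos; the trusted-domain list, the sample From headers, the homoglyph table and the edit-distance threshold are all constructed assumptions. It normalizes the sender's domain (digits used as letters, "rn" for "m", underscores or hyphens for periods) and then compares it against the trusted list by exact match, substring and Levenshtein distance, and finally flags a display name that claims a trusted brand while the address does not match.

```python
import re
from email.utils import parseaddr

# Assumed list of domains this organization treats as trusted senders (constructed).
TRUSTED_DOMAINS = {"example-bank.com", "paypal.com", "microsoft.com"}

# Digits commonly substituted for letters in look-alike domains (constructed table).
HOMOGLYPHS = str.maketrans("01357", "olest")

# Maximum edit distance at which a domain is still treated as a look-alike (assumption).
MAX_DISTANCE = 2


def normalize_domain(domain):
    """Undo the usual look-alike tricks so 'paypa1_com' compares like 'paypal.com'."""
    d = domain.lower().rstrip(".")
    d = d.translate(HOMOGLYPHS)
    # 'rn' renders like 'm' and 'vv' like 'w' in many fonts; this can also alter
    # legitimate words, so it is only used for look-alike matching, never for allow-listing.
    d = d.replace("rn", "m").replace("vv", "w")
    # An underscore or hyphen where a period belongs ("example_bank.com").
    return re.sub(r"[_\-]", ".", d)


def levenshtein(a, b):
    """Classic edit distance with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=MAX_DISTANCE):
    """Return (verdict, matched_trusted_domain, reason) for a raw From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("suspicious", None, "no parseable address")
    domain = addr.rsplit("@", 1)[1].lower()

    # Exact match or a genuine subdomain of a trusted domain is fine (no normalization here).
    for t in sorted(trusted):
        if domain == t or domain.endswith("." + t):
            return ("trusted", t, "sender domain is trusted")

    norm = normalize_domain(domain)
    for t in sorted(trusted):
        nt = normalize_domain(t)
        if nt in norm:
            return ("lookalike", t, f"{domain} normalizes to or embeds {t}")
        dist = levenshtein(norm, nt)
        if dist <= max_distance:
            return ("lookalike", t, f"{domain} is {dist} edit(s) from {t}")

    # Display-name spoofing: the name says "PayPal" but the address is somewhere else.
    for t in sorted(trusted):
        brand = t.split(".")[0]
        if brand in name.lower():
            return ("lookalike", t, f"display name mentions {brand} but address is {domain}")

    return ("unknown", None, f"{domain} is not trusted and matches no known brand")


# Constructed sample From: headers, not real messages.
SAMPLE_FROM_HEADERS = [
    "PayPal <service@paypal.com>",
    "Account Security <alerts@security.paypal.com>",
    "PayPal Billing <billing@paypall.com>",
    "Microsoft 365 <admin@rnicrosoft.com>",
    "Example Bank <notices@example_bank.com>",
    "PayPal Support <support@mail-updates.net>",
    "Alice <alice@colleague-firm.org>",
]


def scan_headers(headers=SAMPLE_FROM_HEADERS):
    """Classify every header and return the list of (header, verdict, matched, reason)."""
    return [(h, *classify_sender(h)) for h in headers]


if __name__ == "__main__":
    for header, verdict, matched, reason in scan_headers():
        print(f"{verdict:10} {matched or '-':18} {reason}   <- {header}")
```

A real mail gateway would also check SPF, DKIM and DMARC results and the Reply-To and Return-Path headers, which this example deliberately omits; the point here is the look-alike logic the paragraph describes.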
Other red flags to watch out for include:
Once opened, the email copy prompts the recipient to click a link or open an attachment to complete an action. Some common phishing prompts include:
Cybercriminals are adept at getting past spam and malware filters, so it is likely you will occasionally find a phishing email in your inbox. If you receive a suspicious-looking email, do not reply to it, click any links, open any attachments, or give out any information. Report it immediately to the appropriate IT security administrator in your organization, forwarding it as an attachment or using your mail client's report button so the original headers are preserved; that way they are aware of the phishing attempt and can deal with it appropriately.
With a global pandemic on everyone’s mind and the constant barrage of distractions to navigate when working from home, there is an increased chance that you or someone in your organization will click a bad link or be tricked into revealing sensitive information.
It’s important that all employees are educated on cyber hygiene and that they know what steps to take if they fall for a phishing scam. The most immediate actions to take after an attack include:
Phishing is on the rise in the wake of COVID-19, and many of the attempts use pandemic-focused messaging to trick users. Following a few best practices can help employees avoid being a victim of a cyberattack and protect your organization’s data and applications from exposure or loss.
Investing in a comprehensive cybersecurity and data protection solution is a highly effective way to save your organization the expense and headache of cleaning up after a cyberattack. Look for a solution that combines signature-based and signatureless malware detection, deep learning-based classification, and anti-exploit technology so your systems are protected from both known and unknown threats.
Because you never know how much or what kind of damage a cyberattack will do, it’s crucial to select a comprehensive solution that integrates cybersecurity and data protection, like Arcserve solutions secured by Sophos. Download Your Guide to a Ransomware-Free Future to learn more about how comprehensive cyber and data security can protect your organization from both today’s and tomorrow’s cyberthreats.