Arm Yourself Against Phishing Scams – Vigilance is Key

by | Feb 12, 2021 | MyTek Blog, Security

Have You Prepared Your Employees to Catch Phishing Attempts?

Spotting phishing attempts has become fairly easy for the most part, and, believe it or not, the number of data breaches seen in 2020 went down significantly. Phishing scams tend to be a manual approach to extracting money and/or data from a business or individual, and part of the decline is likely human nature: attackers are lazy about this kind of work, and security has gotten better. What is on the rise, however, is ransomware, a far more automated approach to exploitation that ransoms back to you the data that makes your business run.

This doesn’t mean that you should become lax about educating your employees on phishing scams and how to deal with them. To keep your business’ data and operations secure, you will need to take a two-pronged approach: teach staff how to avoid phishing and evaluate suspicious attempts, and increase preparedness through simulated attacks.

Phishing Attack Method

There is a method that an average phishing attack follows for the most part:

  1. Posing as an employee, administrator, or even an owner of a company, an attacker will send a message.
  2. This message often poses as an enticing offer, something innocent, or a serious alert.
  3. The user is instructed to open an attachment or follow a link.
  4. Because of how emails like these are introduced, they often bypass security controls and reach their target.

Since this type of phishing by design can circumvent security measures, staying on top of new scam methods and educating your workforce is more important than ever.

Think Like a Hacker

By the nature of phishing, hackers often tie in current events to add some perceived legitimacy, especially if your company is public, or if you regularly publish goings on within the company. But as far as public and relevant goes, the past year has seen a number of COVID-19-themed phishing attacks, offering updates and information to a vulnerable audience.

Hackers tend to rely on a user’s panic and impulsive reactions, hence education goes a long way when protecting your company.

Demonstrate Risky Links

Hackers will use spoofed links to fool their targets as well. A spoofed URL is a link that redirects to an attacker-controlled website, or to a mirror of a legitimate website hosted on a different domain, with the intent of capturing information. To see how to recognize something like this, let’s assume that the link is dressed up to look like one that goes to Venmo.

If the email is from Venmo, the links should go to venmo.com or accounts.venmo.com. If there is a deviation from those URLs, then there is already something suspect. Also, there should always be a forward slash (/) immediately after the “.com”. If the URL is something like venmo.com.mailru382.co/something, this is an address that likely doesn’t belong to Venmo, and you are being taken advantage of. A few rules of thumb to follow with URLs:

  • venmo.com – Safe and is the root domain.
  • venmo.com/activatecard – Safe – a simple page address within the main domain.
  • business.venmo.com – Safe – A subdomain that is typically used to categorize a service or location. 
  • business.venmo.com/retail – Safe – A mixture of a subdomain and service designation.
  • venmo.com.activatecard.net – Suspect – A dot immediately after Venmo’s .com means the real domain is whatever comes last (here activatecard.net), not venmo.com.
  • venmo.com/activatecard/tinyurl.com/retail – Don’t Click! – Don’t trust dots after the domain; TinyURL is used to condense hidden URLs, and in this case a nefarious redirect is most likely.
  • vemno.com – Wrong! – Don’t let transposed letters fool you!

Some tricks are easier to spot than others, so naturally diligence is necessary where this is concerned.

Provide an Approved Links List

You can give your team the safe versions of the URLs they are expected to use. This is an intensive approach, as the list will be ever growing, but it lets them quickly check the validity of a link without exposing themselves and your company to risk.
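The rules of thumb above and the approved-links idea can be turned into a simple checker that staff or a mail filter can run over a link before anyone clicks it. This is an added example, not code from MyTek; the approved-domain list and the shortener list are constructed for illustration, and the function only classifies the link text itself, it never fetches anything.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the example; a real one would be the organisation's own.
APPROVED_DOMAINS = {"venmo.com"}
# Known link shorteners; a shortener anywhere in a link hides the true destination.
SHORTENERS = {"tinyurl.com", "bit.ly"}


def _split(link: str) -> tuple[str, str]:
    """Return (lowercase host, lowercase path), tolerating a missing scheme."""
    if "://" not in link:
        link = "http://" + link
    parts = urlsplit(link)
    # urlsplit() resolves "user@host" tricks: the part before '@' is NOT the host.
    return (parts.hostname or "").lower().rstrip("."), parts.path.lower()


def _is_under(host: str, domain: str) -> bool:
    """True only if host IS the domain or is a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)


def _one_transposition_away(a: str, b: str) -> bool:
    """True if a and b differ only by two adjacent characters swapped (vemno/venmo)."""
    if len(a) != len(b):
        return False
    diff = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def classify_link(link: str) -> str:
    """Return 'safe', 'suspect' or 'block' following the rules of thumb above."""
    host, path = _split(link)
    segments = set(path.strip("/").split("/"))
    # Rule: a URL shortener as the host or buried in the path hides the destination.
    if any(_is_under(host, s) or s in segments for s in SHORTENERS):
        return "block"
    for domain in APPROVED_DOMAINS:
        if _is_under(host, domain):
            return "safe"
        # Rule: "venmo.com." followed by more labels means the real domain is something else.
        if host.startswith(domain + "."):
            return "suspect"
        # Rule: transposed letters in the domain (vemno.com) are a deliberate lookalike.
        if _one_transposition_away(host, domain):
            return "block"
    # Anything not on the approved list is treated as suspect until checked.
    return "suspect"
```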

Implement Current Password Standards

Staying up to date on your team’s passwords and making sure they are secure is going to go a long way. Maintaining passwords that can withstand a brute-force attack goes a long way toward protecting your infrastructure, and reduces what an attacker stands to gain from phishing in the first place. You should also be supporting these passwords with additional measures like two-factor authentication, creating more hassle for that potential hacker.

Put Your Team to the Test

Once you’ve taught your workforce what they need to watch out for, confirm that they can also apply those lessons. In a simulated phishing attack, have your team members evaluated on how vulnerable they are to this form of attack, helping you identify weak points and where more training needs to be applied.

Successful Phishing Testing

An effective phishing test cannot be one that is expected. At the same time, be ethical in how you run these tests and evaluate fairly. Too many organizations have received backlash after running phishing tests with questionable tactics, almost doing more harm than the intended good.

But this is something we can certainly help you with, MyTek is here to assist you with your security needs. Call (623) 312-2440 to find out more.

ABOUT THE AUTHOR

Tim Tiller, LMSW

Tim Tiller, MSW brings a deep service background to his role at Mytek, having graduated from McDonald’s management training program, fresh out of high school, and working his way up through the ranks in the hospitality industry. He has led two prior companies – Multi-Systems Inc., an IT-focused organization providing technology to hospitality companies (where he was named President at age 36), and most recently, as Chief Operating Officer for Jewish Voice Ministries International.
