Categories: Articles

Phishing: Still a concern

used with permission from HP Technology at Work

Businesses often don’t realize how vulnerable their confidential data is until it’s exposed by a hack. By now, many are aware of external threats to data security and (hopefully) prepare accordingly, but breaches can still occur—despite taking the necessary security precautions. And with phishing, threats don’t need to sneak in the back door; sometimes they walk right through the front.

The ins and outs

Phishing is the act of posing as a familiar, trustworthy entity in electronic communications and using that familiarity and trust to get recipients to release confidential information, such as passwords and bank account numbers.

While it’s difficult to pinpoint the exact origin of phishing, variations of the tactic existed as far back as 1995, when a program allowed attackers to pose as AOL company representatives and steal AOL users’ credit card numbers [1]. A recent HP study found that nearly 70 percent of IT professionals experience weekly phishing attacks [2].

All it takes is one employee clicking on a nefarious email link, and your business is at risk. Just ask data security firm RSA, who fell victim to a major security breach in 2011. An employee opened an email thought to contain a spreadsheet of staff salaries, when in fact the email contained malware that gained access to, and exposed, some of the company’s confidential data [3].

The dos and don’ts

While it’s easy to advise that common sense is the best way to avoid phishing scams, that’s not always the case. Some of these emails are so clearly fraudulent it’s almost comical, but even the most cautious employees can be tricked by the authentic-looking scams. So, what are the things to look for when trying to identify a potential phishing email?

  • Unusual sender address: Many times, the address will appear legit at first glance, but if you look closely you’ll often notice some slight discrepancies (for example, “name@h-p.com” instead of “name@hp.com”).
  • Unusual URL: Similarly, if something seems off about the website URL they want you to click on, it probably is. Even if the link is disguised as a hyperlink, you can still hover over it before clicking to see the full address.
  • Lacks personalization: If an email is telling you that your account has been compromised, or that you need to verify your password (all common phishing tactics), you would expect to see some personal information included (for example: name, account number, address). Since phishing attacks are sent out to millions of people, it’s rare that they actually contain this correct information.
  • Misspellings: This is often the quickest way to identify a possible attack. The more misspellings, the more likely the email isn’t what it claims to be.
  • Urgent action: “Please click this link/fill out this form immediately.” If it was really that urgent, someone would have called you.
  • When in doubt: Don’t download any pictures. Don’t click on any attachments. Don’t click on any links. Don’t reply to the message. Don’t call any number listed on the email.
  • The “What now?”: It happens. Maybe you weren’t paying attention. Maybe the email was so convincing you had no reason to doubt its authenticity. So you clicked on the link and… oops. If this happens, there isn’t much time to feel sorry for yourself.

The first thing you should do is change the password for the legitimate site you thought you were visiting. Doing this ensures that the hacker who now has access to your old password won’t be able to access your account. If you’ve shared personal information like a bank account number, contact that institution immediately and let them know. They’ll be able to monitor your account and alert you of any unusual activity. To help prevent this from happening again, many browsers have a “report unsafe website” feature, and Outlook’s “junk” feature can help identify future threats.

Even taking all of these steps is no guarantee that you won’t fall victim to a phishing scam. As threats evolve, so too should your methods of prevention. HP Security Research (HPSR) can help your business stay current on today’s threats by providing a broad, independent, and deeply technical view into the security landscape that is unparalleled in the industry. With strong cyber security, malware, and vulnerability research capabilities, HPSR is a proven and respected partner for organizations worldwide.

If companies as large as Target and Sony can fall victim to data attacks, so might your business. By keeping current on threat trends, and establishing a security protocol for your employees, you’ll already be one step ahead of phishing attacks.

[1] Phishing.org, History of Phishing
[2] HP Security Products blog, TippingPoint network security survey reveals top network security concerns
[3] Computer Weekly, RSA discloses phishing-attack data breach details

EMT

Recent Posts

Implementing Anti-Spoofing Rules for Email Protection

Increasingly, email communication is playing a pivotal role in business operations, facilitating collaboration, customer engagement,…

11 hours ago

The Comprehensive Benefits of MSP Management for Servers, Exchange, O365, VPN, and Networks

As the digital landscape evolves, businesses of all sizes face the challenge of managing complex…

11 hours ago

Cost-Benefit Analysis of On-Premises Network/Server Infrastructure vs. Azure-Based Cloud Infrastructure

In the evolving landscape of information technology, businesses constantly seek the most efficient and cost-effective…

12 hours ago

The Importance of Rigorous Security Protocols: MFA, VPN, Password Strength, and MSP Management

In an increasingly digital and interconnected world, the importance of robust security protocols cannot be…

12 hours ago

Robust Cybersecurity is Vital for Small to Medium-Sized Businesses

In today’s digital age, cybersecurity is no longer a luxury or a concern solely for…

14 hours ago

Understanding Your Printer

Printers are essential tools in both personal and professional settings, yet many people are unaware…

1 day ago