Used with permission from HP Technology at Work
Businesses often don’t realize how vulnerable their confidential data is until it’s exposed by a hack. By now, many are aware of external threats to data security and (hopefully) prepare accordingly, but breaches can still occur even when the necessary security precautions have been taken. And with phishing, threats don’t need to sneak in the back door; sometimes they walk right through the front.
Phishing is the act of posing as a familiar, trustworthy entity in electronic communications and using that familiarity and trust to get recipients to release confidential information, such as passwords and bank account numbers.
While it’s difficult to pinpoint the exact origin of phishing, variations of the tactic existed as far back as 1995, when a program allowed attackers to pose as AOL company representatives and steal AOL users’ credit card numbers [1]. A recent HP study found that nearly 70 percent of IT professionals experience weekly phishing attacks [2].
All it takes is one employee clicking on a nefarious email link, and your business is at risk. Just ask data security firm RSA, which fell victim to a major security breach in 2011. An employee opened an email thought to contain a spreadsheet of staff salaries, when in fact the email contained malware that gained access to, and exposed, some of the company’s confidential data [3].
It’s easy to advise that common sense is the best way to avoid phishing scams, but that’s not always the case. Some of these emails are so clearly fraudulent it’s almost comical, but even the most cautious employees can be tricked by authentic-looking scams. So, what are the things to look for when trying to identify a potential phishing email?
The first thing you should do is change the password for the legitimate site you thought you were visiting. Doing this ensures that the hacker who now has access to your old password won’t be able to access your account. If you’ve shared personal information like a bank account number, contact that institution immediately and let them know. They’ll be able to monitor your account and alert you to any unusual activity. To help prevent this from happening again, many browsers have a “report unsafe website” feature, and Outlook’s “junk” feature can help identify future threats.
Even taking all of these steps is no guarantee that you won’t fall victim to a phishing scam. As threats evolve, so too should your methods of prevention. HP Security Research (HPSR) can help your business stay current on today’s threats by providing a broad, independent, and deeply technical view into the security landscape that is unparalleled in the industry. With strong cyber security, malware, and vulnerability research capabilities, HPSR is a proven and respected partner for organizations worldwide.
If companies as large as Target and Sony can fall victim to data attacks, so might your business. By keeping current on threat trends, and establishing a security protocol for your employees, you’ll already be one step ahead of phishing attacks.
[1] Phishing.org, History of Phishing
[2] HP Security Products blog, TippingPoint network security survey reveals top network security concerns
[3] Computer Weekly, RSA discloses phishing-attack data breach details