You're familiar with the scene: clicking through emails to try and clear out your inbox – or at least reduce the "unread" messages total from 1,343 to somewhere in the triple digits – and you encounter an email from your credit card company or your IT department. Or maybe it's from your favorite social media platform.
Or maybe it's even more thrilling, and the email claims you've just won something super neat. All you need to do is enter a few pieces of personal information to secure your prize/confirm your identity/access your account.
But you haven't won anything, except maybe an all-expenses-paid trip to your IT department.
Ideally, you'll recognize a phishing attempt before you enter your password or bank account details. But many people don't.
No matter how savvy we are, those nefarious folks behind the phishing scams are clever, too. They do a fine job making their emails look legit, using the correct logos and URLs that look so close to the real thing that we don't pick up on the extra letter in bankeofamerica.com.
Tips to Spot and Avoid Phishing Attacks:
- Look for Typos
Phishing emails often contain typos and wonky grammar, so give the email a read and see if you notice anything amiss. Besides, it's good practice to test out your grammar and proofreading skills.
- Check the "Sent From" Email Address
Who sent the email? Do you recognize the sender? Sometimes the email address is clearly unrelated – a sure tell of a phishing scam if we take a second to look. But sometimes, it’s not so obvious. Check the address for typos or an extra character that isn't supposed to be there. Is it an email from email@example.com or firstname.lastname@example.org?
- Don't Click Any Links
If the email prompts you to click a link, don't do it. If the email is from American Express, for example, and it provides a link – ignore it. Instead, open your browser, go to the American Express website, and navigate to where the email is instructing you to go. You'll likely find your account is just fine.
- Confirm Internal Emails
Phishing scammers don't just mimic external entities – they might even claim to be part of your company. If an email purports to be from your IT team or administrator, check with your IT help desk to confirm.
- Notify Your IT Team
If you think you have received a phishing email, don't click on it. Take a screenshot (don't forward the email, which might prompt the recipient to click the link you've so smartly avoided) and share it with your IT team. They can look at it and determine the best course of action to keep your organization secure.
A little sleuthing goes a long way in keeping your data and your company's data secure. While there's no prize for your efforts, security itself is a big win.
If you have any questions about your company’s cyber security, please reach out. We would be more than happy to help.
Zero-trust is all the rage these days – and with good reason. And no, I’m not talking about the zero-trust you have for the telemarketer calling with that extended car warrantee that you absolutely must have. I’m talking about zero-trust in terms of cybersecurity. It’s a shift in security philosophy that requires more in-depth tactics to prevent a security breach.
Everyone started working remotely in 2020, including the Uprise team, and it became immediately clear that this new style of working came with a new set of challenges. Two main concerns emerged: how best to deal with increased cybersecurity risks and how best to motivate a remote team.