Thanks to the coronavirus pandemic, there’s been an increase in phishing scams over the past several weeks. Criminals are using people’s fear and anxiety to find ways to obtain valuable data, like personal information and login credentials, by disguising themselves as members of reputable organizations. For example, there are emails and official-looking (but fake) websites claiming there’s a COVID-19 treatment in the works and inviting victims to invest in it.
But even before the pandemic, phishing and other cyberthreats have been on the rise in Florida. Just last year, the cities of Riviera Beach, Lake City, Naples, and Key Biscayne were hit by network security breaches. Worse, experts warn that cyberattacks against government and private institutions will continue to increase. Pandemic or not, it always pays to be alert for all sorts of cyberthreats, especially phishing.
What are the signs of a phishing attack?
The objective of phishing is to convince targets to provide confidential information, with most attacks employing tried-and-tested methods. Beware of any of the following six signs that indicate a possible phishing scam:
- Unexpected or random email – Most cybercriminals will try their luck by targeting as many people as possible. If you receive an email about a purchase you’ve never made or an offer that comes out of the blue, view it with caution and skepticism. And don’t click on any links or attachments.
- Attachments that look suspicious – A popular phishing method involves email attachments that infect a recipient's device with malware. If you receive an unexpected email, never open any attachment that comes with it. Instead, scrutinize the attachment first. Is it an uncommon file type? Is it an executable file, with the file extension .exe? If it’s unfamiliar, then it’s best to trash the email.
- Misspelled or mismatched addresses or URLs – In order to fool you into believing that the email or website is genuine, criminals will use the following tricks:
  - On email – They will make the email address look similar to an official company address, so watch out for a replaced letter or number, like firstname.lastname@example.org. If an email has a link, hover your mouse over it. A small window will appear to reveal the real destination of the link. If there’s a mismatch between the two, the email is most likely a phishing trick.
  - On websites – Cybercriminals these days are savvy enough to create legitimate-looking websites using company colors, logos, and other brand images. Don’t be fooled by them. Instead, closely examine the URL in the address bar of your web browser. If there’s a misspelling, a mismatch, or a substituted letter, for example www.coca-co1a.com, then the website isn’t legitimate.
- Requests for confidential data – Reputable organizations will never ask for sensitive information to be given over the internet. Should someone claiming to represent your bank ask for your bank details, passwords, login details, and credit card numbers, be suspicious. Double-check with your bank first, making sure not to use the contact details stated in the suspected email.
- Too-good-to-be-true reward offers – Cybercriminals will employ ways to make you click without pausing to think. One way is to offer rewards that are either instant or generous in exchange for doing a simple task like clicking the link or filling out a survey. Remember the sayings: nothing’s for free, and there’s a sucker born every minute.
- A sense of urgency or use of threats – Another way cybercriminals will compel you to act immediately is to pressure you with deadlines or threats. Don’t panic when you see messages like “Act now!” or “Noncompliance will result in the suspension of your account.”
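The "misspelled or mismatched addresses or URLs" sign above can also be checked automatically by a mail filter. The following Python code is an added example, not part of the original article: it compares the host a link displays with the host it really points to, and flags digit-for-letter lookalikes of trusted domains. The `TRUSTED` list, the swap table and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"coca-cola.com", "bank.example"}   # assumed allow-list of real domains
SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})  # common digit swaps

def host_of(text):
    """Host of a URL-like string, lowercased, without 'www.'; None if not URL-like."""
    text = text.strip()
    if "." not in text or " " in text:
        return None
    host = (urlparse(text if "://" in text else "//" + text).hostname or "").lower()
    host = host[4:] if host.startswith("www.") else host
    return host or None

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def check_links(html):
    """Return (href, reason) findings for suspicious links in an HTML email body."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real, shown = host_of(href), host_of(text)
        # Same test as hovering: does the displayed address match the destination?
        if shown and real and shown != real:
            findings.append((href, f"text shows {shown} but link goes to {real}"))
        # Substituted character: the host only matches a trusted one after un-swapping.
        if real and real not in TRUSTED and real.translate(SWAPS) in TRUSTED:
            findings.append((href, f"{real} imitates {real.translate(SWAPS)}"))
    return findings

SAMPLE = (  # constructed email body
    '<p><a href="http://www.coca-co1a.com/win">www.coca-cola.com</a></p>'
    '<p><a href="https://www.coca-cola.com/">Our site</a></p>'
    '<p><a href="http://secure-login.example.net/reset">www.bank.example</a></p>')
```

The comparison is exact on host names, so a legitimate link whose text shows a parent domain of the real destination would also be reported and needs a manual look.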
What should you do if you fall for a phishing scam?
In case you let your guard down and fall for a phishing scam, don’t panic. Take the following steps immediately to mitigate the effects of such a mistake:
- If you’ve clicked a link or launched an attachment, run a system-wide scan with your antivirus software.
- Change your password and other access information immediately. If you use the same password for your other accounts, change them too. It’s best if you have a unique password for each of your online accounts.
- Report the incident. Alert your IT or your managed IT services provider. Call your bank if you provided your bank or credit card details. File a police report. Also file a report with the appropriate government agency:
  - Federal Trade Commission for identity theft
  - National Fraud Information Center for email scams
  - FBI’s Internet Crime Complaint Center for other internet crimes
- Inform the organization that the cybercriminal impersonated.
- Keep a close watch on your accounts for any suspicious activities for the next few weeks.
When it comes to cybersecurity, it’s best to partner with our IT experts at HERO Managed Services LLC. We’ll provide you with multiple layers of cybersecurity and 24/7 IT support. Protect your business from phishing and other cyberthreats. Contact us today, so you will always have a HERO by your side.