A Phishing Trip You Won’t Soon Forget!

Many contractors enjoy a fishing trip to Canada or up north with family and/or friends to get away and relax. The time away recharges their batteries for what now feels like a year-round busy season.

Another type of phishing trip will you leave feeling anything but relaxed as it could leave your bank account lighter, your credit card loaded up, or you unknowingly downloading malicious software that will steal confidential personal information. Phishing schemes take multiple forms including email and phone calls. It is likely you have received both in the last six months. Our focus today will be on the email form.

Phishing normally begins as an email message from what appears to be a legitimate source (ie. your bank, accountant, credit card company, payroll company) that is requesting immediate action. The email is trying to scare you into clicking on a website link or to provide account information including passwords and/or user names that can be harvested. The phishing scammers will then use this information to steal your personal identity and/or create a way for them to upload a ransomware virus that locks down your company’s entire computer network.  An email of this nature is almost always a phishing scam as the companies they are pretending to be would never request you update your username and password, share your full social security number or other sensitive personal information via email.

Here are 7 tips to help identify and protect yourself and your company from phishing emails:

1. Watch for Copycat Graphics — In an attempt to get you to click through to a website, often times the scammers copy the graphics of legitimate companies like Amazon, Facebook, or your credit card company.
2. Watch for Spelling/Grammar Errors — Many of these attacks originate outside of the U.S. and, as a result, often include simple spelling and/or grammar errors.
3. Check the Email Address — Many times a letter is added or deleted to appear as a reputable domain, such as ‘aol.om’
4. Check the Website Link — Often times the website included is almost identical to a legitimate website you have utilized in the past. Hover your mouse over the link to see the address and make sure it’s really taking you to the site it’s claiming to be.
5. Be Wary of Threats — Normally, a phishing email includes some type of threat they are hoping will cause you to take immediate action—(ie. Your bank account will be frozen, email account deleted including all saved emails, insufficient money in your account to process payroll). Instead of taking action via email, call the company directly to confirm any threat you are unsure about.
6. Never Click on a Suspicious Link – Instead, do an internet search of the exact title of the email and/or website you are being asked to visit. Often the phishing scam will pop right up near the top of your search.
7. Employee Continuing Education –Regularly update employees of these attacks as they are getting more sophisticated all the time. Designate a company gatekeeper with an IT background to vet suspicious emails uncovered by employees.

The bottom line is criminals continue phishing attacks because they are successful.Education and training for you and your employees is the key to not becoming a victim. If you feel that have fallen victim to a scammer, contact the Federal Trade Commission (FTC) and the financial institution(s) affected immediately. You can also find valuable information about reclaiming your identity on a site set up by the federal government at https://www.identitytheft.gov

If you'd like to learn more about these type of attacks, watch our webinar on IT Security and Social Engineering: