Phishing attacks can happen to anyone whether you’re a CEO, financial analyst, nurse, janitor, IT specialist, or receptionist. In the 2020 Internet Crime Report, the FBI revealed phishing was the top reported cybercrime, consisting of 241,342 reported incidents. This number has more than doubled since 2019. Phishing attacks often consist of an email that is “URGENT”, includes links, or requires you to download an attachment. In the United States, 74% of organizations experienced a successful phishing attack, causing over $54 million in damages. Phishing is no longer simply a means of stealing credentials, rather hackers are creating more sophisticated phishing attacks to cause greater damage. A 2020 study that polled over 1,000 MSPs showed that phishing is also the leading cause of ransomware attacks organizations, which is why it is more important than ever to be vigilant.
Since one wrong click can lead to a compromised organization, Stern Security has prepared four tips to help identify and protect against a phishing attack.
- Be Skeptical – It May be a Scam
- Is the email asking you to log into a site or reset your password?
- Is there a sense of urgency in the email?
- Did you “win” something?
- Links and Attachments – Do not click links or open attachments that you are not expecting.
- When in doubt, Call – Call your service desk or security team if you are suspicious of an email. You can also call the sender if you know them to see if they really sent it. Don’t call the number in the email as this could be a spoofed or fake number.
- Report It – Did you catch a phish? Great work! Now report it to your security team because others may have received the same email.