By Darren Jacobson
Phishing is the illegal attempt to acquire sensitive information such as user names, passwords, and credit card details through the use of fake emails (or instant messages). According to Verizon, 23% of recipients now open phishing messages and 11% click on attachments. To protect sensitive data, businesses must remember that employees are the first line of defense against these sorts of attacks, and that ongoing training programs are necessary.
That said, Microsoft has identified the following key ways to identify fake emails:
- Spelling errors and bad grammar. Professional companies and organizations have staff to proofread emails and fraudsters do not, so fake emails will most notably contain spelling and grammar errors.
- Beware of links in the email. Rest the mouse over the website link (don’t click) to see if the website address appears suspicious.
- Threats. You may receive notice that accounts will be closed unless you act immediately, or warnings that your security will be compromised unless you respond.
- Spoofing popular websites or companies. There may be slight differences in the email address or the company logo, so review carefully.
Once the fake email has been identified, be sure to notify your IT department of the occurrence so they can notify all other staff, as you are most likely not the only team member targeted. Remember, you are the first line of defense in this sort of attack; be vigilant.