Phishing is when a scammer uses fraudulent emails or texts, or copycat websites, to get unsuspecting people to share valuable personal information—such as account numbers, Social Security numbers, or login IDs and passwords—which scammers can use to steal money, your identity or both. Phishing scammers lure their targets into a false sense of security by spoofing the familiar, trusted logos of established, legitimate companies, or they may pretend to be a colleague or a familiar vendor.
Scammers also use phishing emails to get access to your computer or network to install malware. Malware includes viruses, spyware and other unwanted software that gets installed on your computer or mobile device without your consent. These programs can cause your device to crash and can be used to monitor and control online activity. They also can make your computer vulnerable to viruses and deliver unwanted or inappropriate ads. A lucrative form of malware for scammers is called ransomware, a program that can lock you out of important files on your computer.
To reduce the risk of falling for a phishing attempt or downloading malware, you should train every employee or contractor who has access to your network—including yourself. Here are 13 things to keep in mind as you establish strategies to protect your business:
Tip No. 1: Think twice before clicking on links or downloading attachments and apps. Even emails from your friend or colleague could be dangerous. Files and links can contain malware that can weaken your computer’s security. You also can get malware from visiting a compromised site or through malicious online ads.
Tip No. 2: Do your own typing. If a company or organization you know sends you a link or phone number, don’t click. Use your favorite search engine to look up the website or phone number yourself. Even though a link or phone number in an email may look like the real deal, scammers can hide the true destination.
Tip No. 3: Make the call if you’re not sure. Do not respond to any emails that request personal or financial information. Phishers use pressure tactics and prey on fear. If a colleague or a vendor asks for personal or financial information, pick up the phone and call them yourself using the number in your address book or on their website, not the one in the email.
Tip No. 4: Turn on two-factor authentication. For accounts that support it, two-factor authentication requires both a password and an additional piece of information to log in to an account. The second piece could be a code sent to a mobile device, or a random number generated by an app or a token. This protects an account even if the password is compromised.
Tip No. 5: Back up files to external hard drives or cloud storage. Back up company files regularly to protect against viruses or a ransomware attack. Remember to log out of the cloud and unplug external hard drives so hackers can’t encrypt and lock your backups, too.
Tip No. 6: Get well-known software directly from the source. Sites that offer lots of different browsers, PDF readers and other popular software for free are more likely to include malware.
Tip No. 7: Read each screen when installing new software. If you don’t recognize a program, or are prompted to install additional “bundled” software, decline the additional program or exit the installation process.
Tip No. 8: Install and update security software and use a firewall. Use security software you trust, and set operating systems, web browsers and security software to update automatically.
Tip No. 9: Don’t change your browser’s security settings. You can minimize “drive-by” or bundled downloads, which are more likely to have malware, if you keep your browser’s default security settings.
Tip No. 10: Pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file.
Tip No. 11: Don’t click on pop-ups or banner ads about your computer’s performance. Scammers insert unwanted software into banner ads that look legitimate, especially ads about your computer’s health. Avoid clicking on these ads if you don’t know the source.
Tip No. 12: Scan USBs and other external devices before using them. These devices can be infected with malware, especially if you use them in high-traffic places, like public computers.
Tip No. 13: Talk about safe computing. Teach your colleagues that some online actions can put the company’s computers at risk: clicking on pop-ups, downloading “free” games or programs, opening chain emails or posting personal information.