Fishermen are notorious for telling stories about “the one that got away.”
The tale usually goes something like this:
“Twenty years ago, I was out fishing by myself and felt a bite on the line. I could tell it was a big one! I fought for an hour to reel it in… and could see a hundred-pound catfish! But just as I was about to pull it into the boat, it wriggled loose and got away.”
In these accounts, the details may or may not be *slightly* embellished — but it all makes for a good story.
They almost caught it.
But they didn’t — and now it’s all the more savvy and difficult to catch.
When it comes to phishing scams, cyber awareness can make the difference between being on the hook (so to speak) and outsmarting a scammer so they don’t have a story to tell (or more importantly, your valuable information!).
No phishing allowed
Phishing and fishing have more in common than just a similar name — they’re both a means of tricking unsuspecting victims into falling for their trap. Like fishermen, scammers cast out their hooks into the world-wide pool of internet users… to see who’ll take the bait!
And like a fisherman casting out a line into a lake over and over, phishing scammers send thousands of bait emails every day.
There’s a (dumb) joke that goes, “Why are fish so gullible? They fall for things hook, line, and sinker.”
Cyber threats are no joke, but why do people fall for phishing scams (hook, line, and sinker)?
The answer is a lack of cyber awareness.
Phishing attacks happen when a scammer sends a bogus email pretending to be someone that you can trust.
What are they after?
Your personal information.
Or to use your information as a platform to scam other people.
Or sometimes to even hold your information ransom.
Scammers can steal credentials and money, install malware, or even sell your information on the dark web.
No business wants to fall prey to a phishing attack. Instead of getting caught in a scam, you (and your employees) can learn to identify these fraudulent emails and be “the one that got away” from a phishing scammer.
4 ways to NOT fall for a phishing scam
When it comes to phishing emails, scammers are always adapting to trends to stay tricky. Junk filters catch many phishing attempts, but scammers are always working to get past filters and into your inbox. Practicing these cyber awareness tips can help keep you from taking the bait.
1. Question everything!
In avoiding scams, it pays to be cautious.
- Did you get an email you weren’t expecting (even if you recognize the sender)? Don’t open it!
- Is the email asking for anything financial in nature? Verify the request verbally, not over email.
- Does an email from a vendor look different (or have a different written tone)? Be aware that attackers can impersonate vendors from their mailboxes.
As a business, it’s very important to have internal controls for anything finance-related. Protections such as an authorized contact person for sending invoices and making payments, along with security questions, can help you stay ahead of scammers.
Cyber attackers are hoping you won’t be paying attention. Practice vigilant cyber awareness — and look at emails with a critical eye.
2. Know their tactics
While cyber attackers frequently update their approaches to keep up with trends, there are commonly used tactics you can spot.
Often, attackers will spoof the domain name of a reputable address. Sometimes they change a letter or use a different font or character set. If you use your computer cursor to hover over the sender’s email, this can sometimes reveal a spoofed domain.
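One way to automate the hover check described above, as an added example (not Varay's code or part of the original post): it compares the sender's domain against an allow-list and flags near-misses. The allow-list, the small look-alike table and the sample addresses are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list: domains this organization really exchanges mail with.
TRUSTED = {"example.com", "vendor-payments.example"}

# Small illustrative look-alike table (digits and Cyrillic letters); not exhaustive.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i", "\u0455": "s",
})

def skeleton(domain):
    """Fold a domain so visually similar spellings compare equal."""
    folded = unicodedata.normalize("NFKC", domain).lower().translate(CONFUSABLES)
    return folded.replace("rn", "m")  # "rn" reads as "m" in many fonts

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return (verdict, detail) for the value of a From: header."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower()
    if not at or not domain:
        return ("suspicious", "no sender domain")
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in sorted(TRUSTED):
        # Distance 0 after folding: swapped character or character set.
        # Distance 1: one letter added, dropped or changed.
        if edit_distance(skeleton(domain), skeleton(good)) <= 1:
            return ("lookalike", good)
    if not domain.isascii() or "xn--" in domain:
        return ("suspicious", "internationalized domain not on the allow-list")
    return ("unknown", domain)

if __name__ == "__main__":
    for sample in ("Accounts <billing@examp1e.com>", "News <news@unrelated.org>"):
        print(sample, "->", classify_sender(sample))
```

A "lookalike" verdict is a reason to quarantine or verify by phone, while "unknown" only means the domain is not on the allow-list.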
Attack from abroad
When cyber criminals go phishing, the whole world is their pond. Frequently, phishing attacks originate from locations abroad. Geofencing is an easy, free, and extremely effective way to limit these attacks. You can limit login access to your business’s information to only the US (or whichever country you do your work in).
If something looks off, don’t click or sign.
Phishing emails frequently try to get you to click a link, update your information, or say that there’s an issue with your account. Don’t fall for it. As cybersecurity experts, we at Varay have seen an uptick in phishing attempts involving DocuSign. These attacks target people in decision-making positions who sign contracts.
A key to cyber awareness is recognizing these common phishing strategies.
3. Training to be cyber-savvy
Cyber awareness is a powerful, proactive tool for preventing phishing attacks. Do your employees (and you!) know how to spot a phishy email? Training and awareness are tremendously effective firewalls against cyber crime! Cyber-savvy users can spot the marks of fraudulent emails that sneak past filters.
At Varay, we offer our clients training to hone their cyber awareness. We can train your team to identify legitimate senders, recognize the earmarks of phishing scams, and give them realistic (but still safe) practice in dealing with phishing attempts through monthly phishing simulations.
4. Plan ~~of~~ FOR attack
Sometimes, despite security measures and training, phishing attacks happen. But with a plan, a business can still recover from the disruption of data loss or compromised credentials.
As Patrick, President of Varay, says: “The question is no longer only about preventing attacks — it’s ‘What’s my plan to respond if someone gets through our defenses?’”
When things go wrong (and they WILL go wrong), an incident response plan makes all the difference. Knowing how to respond quickly and effectively (without panicking!) can minimize the effects of a phishing attack — and limit the damage.
Is your business prepared to respond when a scammer gets through your defenses?
- Are you confident in your level of cybersecurity?
- Are your employees trained in cyber awareness?
- Do you have a disaster recovery plan?
- Do you have the tools in place (liability insurance, compliance requirements) and know how to respond (plan for contacting the media, etc.) when your credentials are compromised?
At Varay, we can implement the level of cybersecurity your business needs and develop a plan to stay level-headed and operational — whatever comes your way.
Be “the one that got away”
We’re not sure if scammers sit around telling “phish stories” like fishermen, but our goal at Varay is to make sure your business is one they don’t catch. And with the right level of IT support, your business can face security challenges with confidence.
Are you wondering whether your business is equipped to face security challenges? Contact Varay for a free assessment.