Protect Your Data from Phishing Attack

Consult with us now (919) 678 8595

DO WHAT YOU LOVE ...

(we'll worry about your IT problems)

Request a Consultation

MANAGED IT SERVICES

VCIO

CYBER SECURITY

Everything you need to know

World Cup Soccer Phishing Crime

In 2018 the World Cup Soccer tournament was hosted by Russia. Soccer, the most popular sports in the world, had an estimated 3.5 billion fans watching this World Cup tournament. Cyber scammers took advantage of the popularity of the World Cup and duped the fans with phishing emails that included enticing, but totally fake, free trips to Moscow. The scammers were phishing for the personal information of the fans.

Cybercrimes and phishing are on the rise. IT administrators are getting inundated with issues related to phishing emails. 90% of ransomware attacks originate from phishing attempts and it is getting worse every year.

What is Phishing?

Why should I care?

Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and asks you to provide sensitive information such as personally identifiable information, banking and credit card details, and passwords. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam. The crooks are trying to steal your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day — and they’re often successful. If these attacks were not successful, the scammers would not continue with them.

The term ’phishing’ is a spin on the word fishing, because criminals are dangling a fake ’lure’ (the email that looks legitimate, as well as the website that looks legitimate) hoping users will ’bite’ by providing the sensitive information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames, and more. Look at the following image of an email for some clues indicating this email is actually a scam:

Fake Email Address	You might recognize the first part of the email address but the last part (after the “@” symbol) might be off by letter or may include a number in the usual domain.
Suspicious Attachments	Be careful opening any email attachments received from a company that looks suspicious or the reference is unexpected.
Generic Content and Greetings	Cyber criminals will send a large batch of emails. Watch out for general, nonpersonal greetings like “Dear Customer.”
Urgent Wording or Demanding Actions	Cyber criminals try to create a sense of urgency so that you immediately respond without thinking. Examples include “You’ve won! Click here to redeem prize,” or “We have your browser history pay now or we are telling your boss.”
Poor Grammar	Check for misspellings, incorrect grammar, and odd phrasing as it might be deliberate attempt to bypass spam filters.
Suspicious Links	Place your mouse over the links and see if the destination matches where the email implies you will be taken. Any webpage where you enter personal information should have a URL with https://. The “s” stands for secure.

Take action now

All it takes to potentially crumble a business is one untrained employee being fooled by cybercriminals who will steal critical data or request a fraudulent payment. It’s crucial that employees are trained and educated on the most common phishing email red flags in order to help businesses avoid major cyber security pitfalls.

What to do

How can I help protect myself from phishing?

First and foremost a good security policy is needed to protect your organization from phishing attacks. Anti-malware, firewall, Intrusion Prevention (IPS), Vulnerability Scanning, and continuous Threat Monitoring, etc. should be part of the solution. A comprehensive business continuity plan with a good data backup is also required to recover from data loss or ransomware attack. Last, but not least, is employee education. Training your employees for Cyber Security awareness is the best line of defense against cyber criminals.

Five dont's

Practice the following to avoid being scammed by phishing attacks:

Don’t open suspicious emails
If you receive an email supposedly from a financial institution with an alarming subject line — such as “Account suspended!” or “Funds on hold” — delete it. If you are worried that there is a problem, log in to your account or contact the bank directly. If there really is a problem with your bank account or credit card, you’ll find information once you’ve logged in.
Don’t click on suspicious links in emails
If you do open an email from someone you don’t know and you are instructed to click on a link, don’t. Often, these links will take you to fake websites that will then encourage you to either provide personal information or to click on links that might install malware on your computer.
Don’t send financial information through email
Your bank or credit card provider will never ask you to provide bank account numbers, your Social Security number, or passwords through email.
Don’t click on pop-up ads
Hackers can add fraudulent messages that pop up when you visit even legitimate websites. Often, the pop-ups will warn you that your computer is infected and instruct you to call a phone number or install antivirus protection. Avoid this temptation. Scammers use these ads to either install malware on your computer or scam you out of a payment for a computer clean-up you don’t need.
Don’t fall for too good to be true offers
Phishing emails may try to hook you with what appear to be incredibly cheap offers for things like smartphones or vacations. The offers may look irresistible but resist them. They’re likely phishing emails.

Search