Avoiding phishing and online scams in the workplace
Don't let your business get caught out by an avoidable cyber threat.
Phishing scams are one of the most common security challenges companies face in keeping their information secure. If mistaken for legitimate correspondence, phishing attacks can allow scammers to gain access to valuable data, including passwords, credit cards and other sensitive information.
Scammers can use a variety of mediums for phishing. The most common ones include email, telephone and social media. Having the right tools in place can provide your company’s first line of defence against phishing. Training your workforce to successfully detect these scams and implementing solid security practices are also vital.
In email phishing, scammers will impersonate a known company vendor or IT department in an attempt to obtain company information. They can register a domain name which emulates a recognisable and reputable source. The tone of these phishing emails is designed to make the recipient feel a sense of urgency and pressure them into doing what the scammer wants.
This can involve clicking a link in the email which redirects the recipient to an insecure website which requests sensitive information. Another way scammers can obtain sensitive information is through malware installed via an email attachment, which allows them to exploit loopholes and other weaknesses in a company’s IT systems.
Spear phishing is similar to email phishing, but also uses personalised information, such as the target’s name, position, company, phone number, or any other information which can deceive the recipient into believing they have a connection with the sender.
A company’s finance department and employees are a common target for invoice phishing. This is when employees are sent invoices for large sums of money from sources which appear to be legitimate. As it is difficult to pre-emptively block this type of scam, companies are often reliant on the person contacted to spot it.
Where spear phishing can focus on anyone within an organisation, whaling specifically targets executives and other high-ranking employees. These types of attacks focus on stealing login information and gaining access to accounts.
Phishing can also take place over the phone, either as an alternative to email or in conjunction with it. Similarly, scammers can send text messages which prompt the recipient to click a malicious link or hand over personal information. This is known as smishing.
Educate your workforce
As phishing attacks need to exploit human error to be successful, ensuring that your employees have been trained in security awareness and can distinguish scams from legitimate correspondence is essential.
Mock phishing scenarios are popular for training employees on how to spot a phishing attack. It is also important that you keep your workforce updated about known phishing attacks to avoid multiple employees being fooled by the same or similar scams.
The right set of tools
Having a strong and secure system, with the right set of tools, will reduce your company’s reliance on human identification of phishing attacks. These tools are also vital in minimising the impact when an employee fails to recognise a scam – especially the sophisticated and well-crafted ones!
A popular preventative measure against phishing is email filtering. This is a cost-effective and easy-to-use solution which filters out harmful and malicious emails, preventing them from entering the inbox. Similarly, organisations can also employ website filtering. This measure uses antivirus software to scan pages for threats and blocks users from entering phishing websites.
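One check an email filter can apply against the imitation domains described earlier is to compare each sender's domain with the domains the company really deals with. The following is an added example, not part of the original article; the trusted list, the substitution table and the distance threshold are assumptions chosen for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list: domains the company genuinely corresponds with.
TRUSTED = {"example-supplier.com", "example.com"}

# Assumed table of common visual substitutions, folded before comparing.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})

def skeleton(domain):
    """Reduce a domain to a form in which common lookalike spellings collide."""
    # NFKC folds compatibility forms such as full-width letters; it does not
    # fold cross-script homoglyphs (e.g. Cyrillic), which need a fuller table.
    folded = unicodedata.normalize("NFKC", domain).lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the real address in a From header, ignoring the display name."""
    address = parseaddr(from_header)[1]
    return address.rpartition("@")[2].lower().rstrip(".")

def classify(from_header, trusted=TRUSTED, max_distance=2):
    """Return (verdict, imitated_domain) for one From header."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        near = edit_distance(domain, good) <= max_distance
        if near or skeleton(domain) == skeleton(good):
            return ("lookalike", good)  # quarantine or flag for review
    return ("unknown", None)
```

A "lookalike" verdict is a reason to hold the message for review rather than proof of fraud, since short trusted domains will produce some false matches at this threshold.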
Companies may also want to consider using multi-factor authentication for accounts. This makes it difficult for scammers to gain access after stealing passwords.