The bad guys have access to your company data and guess what? They didn’t hack their way into your system. You, or one of your employees, let them in.

Phishing attempts use deception to steal sensitive information about your business through email, telephone, text messages, and social media. These schemes use two methods. Social engineering gains the trust of an employee to provide information. Precision-targeting, called spear phishing, uses public information to communicate with employees to appear as a legitimate request. Attackers are using these methods to steal information like usernames and passwords, financial data like credit card numbers, and phone numbers to bypass two-factor identification.

With this method of malicious data collection, all employees should be careful when entering passwords, sharing sensitive information, and downloading files. The old, very obvious, attempts have gone by the wayside. Hackers are now sending sophisticated messages to employees that appear real. For example, fake emails that look identical to trusted service providers will redirect to a spoofed website that requires an employee to enter their username and password. When the employee “logs in” they are giving attackers their credentials.

As a smaller organization with more limited IT support, we recommend the following tips to keep your company data safe.

  1. Type in URLs and don’t click links. Many scammers use URL condensing services to disguise their links.
  2. Scrutinize all email attachments. If you were not expecting an invoice, even from a frequent service provider, verify the legitimacy of the request by calling the provider directly.
  3. Always check the “from” email address. It is very common for scammers to “spoof” the initial name that appears in your inbox.
  4. Use a thorough anti-spam and anti-phishing email security solution.
  5. Run security updates for all software used, including Windows and web browsers.
  6. Use two-factor authentication whenever possible. This is a simple solution for protecting your login information that according to google, 9/10 users do not enable.

​The IT team at Total Solutions can provide security solutions and in-depth training for employees at your organization. Our experts will put together a customized program that focuses on the vulnerabilities in your industry and fits within a time frame that works for the schedules of your employees. When it comes to Phishing attempts, the best prevention is knowledge. Knowing the signals of a scheme and having secure measures in place will help your business avoid handing over valuable company information to hackers.

Submitted by ​Steve Kratz, Sr. Systems Engineer