Andy Steingruebl, Director of Ecosystem Security, PayPal

 

Phishing attacks are an increasingly unfortunate drawback of doing business online, whether you’re a small shop or large, multi-national organization. The good news is being vigilant and training your employees to be on the lookout for suspicious emails and links can help keep you safe. Below we’ve outline some common social media and email phishing tactics used by cybercriminals and tips on how you can avoid them.

 

Email Phishing

 

If set up properly, most email programs do a good job filtering out suspicious emails, but there’s still a chance phishing emails could slip through and end up in your or your employees’ inboxes. If that happens, your employees should know to:

 

Report It to your IT team, if you have one, or your email provider. Avoid Mysterious Senders - if you don’t know the sender of an email, be leery of clicking any links contained in the email and do your best to verify it’s safe before clicking. Watch for Misspellings in URLs, should be a sign of caution. Avoid Becoming ‘Phish Bait’ and be sure to check links you receive in emails by hovering over the link before clicking. If the URL that appears doesn't match, don’t click. Also, if you see an IP address (a series of numbers) that’s a big red flag!

 

 Social Media’s Role in Phishing

 

Social networks are gold mines of personal information for cybercriminals, especially for targeted spear-phishing emails. So it’s important to be aware of what you’re sharing and who you might be sharing it with.

 

Don’t Post Personal Information. The more they know, the easier it is to fool you. A phishing email can easily go from “Dear Sir” to “Hello Jon” thanks to social networking. Be Cautious of Who You Friend. Many password-reset questions can be answered by someone scouring your Facebook page; be cautious of what you post on open social media sites. Never Post Your Phone Number. Cybercriminals could call you and ask for passwords or information about you or other employees. It’s never okay to give out your password, but there are other questions they might ask to help them get what they want. Don’t Fall for the Click Bait. Lots of those breaking news stories are just lures to get people to click into malicious sites. Do your research on some of those crazy story lines before you click share with friends and coworkers. 

In the end, if it seems “phishy” it probably is. With an increasingly mobile workforce and the blurred lines of personal and businesses devices, it’s more important than ever to ensure your employees are practicing good online safety habits.

 

Disclaimer: This article aims to provide helpful insight on phishing scams. This information is offered as a guide only and should not be treated as a full statement on the subject.

Original author: PayPal-Forward