Phishing
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
You get an email that looks like it’s from someone you know.
It seems to be from one of your company’s vendors and asks that you click on a link to update your business account. Should you click? Maybe it looks like it’s from your boss and asks for your network password. Should you reply? In either case, probably not. These may be phishing attempts.
How phishing works
You get an email or text
It seems to be from someone you know, and it asks you to click a link, or give your password, business bank account, or other sensitive information.
It looks real
It’s easy to spoof logos and make up fake email addresses. Scammers use familiar company names or pretend to be someone you know.
It’s urgent
The message pressures you to act now or something bad will happen.
What happens next
If you click on a link, scammers can install ransomware or other programs that can lock you out of your data and spread to the entire company network. If you share passwords, scammers now have access to all those accounts.
What can you do
Check it out
Look up the website or phone number for the company or person behind the text or email. Make sure that you’re getting the real company and not about to download malware or talk to a scammer.
Talk to someone
Talking to a colleague might help you figure out if the request is real or a phishing attempt.
Make a call if you’re not sure
Pick up the phone and call that vendor, colleague, or client who sent the email. Confirm that they really need information from you. Use a number you know to be correct, not the number in the email or text.
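The "Check it out" step can be partly automated for email. The following is an added example, not part of the original page: it parses a message and lists signs of a spoofed sender or a misleading link. The sample message, all domains, the KNOWN_VENDOR_DOMAINS list and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Acme Billing" <billing@acme-payments.example>
Reply-To: accounts@mailbox.example
To: you@yourco.example
Subject: Urgent: update your business account
Authentication-Results: mx.yourco.example; spf=fail; dkim=none
Content-Type: text/html

<p>Your account will be suspended today unless you act now.</p>
<a href="http://login.acme.example.badhost.example/update">https://www.acme.example/account</a>
"""

# Assumption: domains of vendors you already do business with.
KNOWN_VENDOR_DOMAINS = {"acme.example"}

def domain_of(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def host_of(url):
    return (urlparse(url.strip()).hostname or "").lower()

def phishing_indicators(raw):
    msg = message_from_string(raw)
    flags = []
    from_dom = domain_of(msg.get("From", ""))
    if from_dom not in KNOWN_VENDOR_DOMAINS:
        flags.append(f"sender domain {from_dom} is not a known vendor domain")
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        flags.append(f"replies go to {reply_dom}, not {from_dom}")
    # Only trust this header when your own mail server added it.
    auth = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if not m or m.group(1) != "pass":
            flags.append(f"{check} did not pass")
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.S | re.I):
        if text.strip().lower().startswith("http") and host_of(text) != host_of(href):
            flags.append(f"link shows {host_of(text)} but opens {host_of(href)}")
    return flags
```

An empty result does not prove a message is genuine; a request for passwords or payment details still warrants the phone call described above.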
What if you fall for a phishing scheme
Alert others
Talk to your colleagues and share your experience. Phishing attacks often happen to more than one person in a company.
Limit the damage
Immediately change any compromised passwords and disconnect from the network any computer or device that’s infected with malware.
Follow your company’s procedures
These may include notifying specific people in your organization or contractors that help you with IT.
Notify customers
If data or personal information was compromised, make sure you notify the affected parties, because they could be at risk of identity theft. Find information on how to do that in Data Breach Response: A Guide for Business at FTC.gov.
Report it
Forward phishing emails to spam@uce.gov (an address used by the FTC) and to reportphishing@apwg.org (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions, and law enforcement agencies). Let the company or person that was impersonated know about the phishing scheme. And report it to the FTC at FTC.gov.
Reach out to us for a free consultation with a Cybersecurity expert.