Phishing is a real threat to small and medium businesses, and if employees are not diligent about protecting the information that they can access, even the smallest mistake can cost your company everything. Phishing email tests are a great way to help you better understand your vulnerabilities, and they give you a great talking point during security meetings. Here’s what you should know.
Phishing is an online scam in which a criminal sends out emails pretending to be someone else, whether that someone else is someone within your organization or someone in another well-known organization, including Google, Netflix, PayPal, and others, in order to get your employee to provide sensitive information. The goal is to get your employees to act out of fear or curiosity and gain access to various types of data. This may include things like a username or password or even bank account information. For businesses, the ultimate goal may be your entire network, which can be devastating.
Per a 2017 report compiled by PhishMe, the average phishing attack on a mid-sized business cost that business a total of $1.6 million – a sum that can easily cause a company to go under. The same report found that employees are most susceptible to phishing attacks that target them as consumers rather than employees. The good news in the report is that phishing susceptibility rates are on the decline; 14.1% of organizations fell victim to phishing in 2015 compared to just 10.8% in 2017. Nevertheless, it is crucial that small and medium businesses remain vigilant in their security.
A phishing email test is a mock attack that helps you better understand everything from your company’s internal email security to your employees’ diligence in reporting phishing scams. It is a controlled environment in which an IT professional determines your employees’ awareness of cybersecurity by determining whether phishing emails can get through email security and, if so, whether your employees will respond to them. This way, you can make the changes you need to make – and properly train your employees – in anticipation of a real cyberattack.
Ideally, your phishing email test should include everyone in your organization, including those at the highest levels. This way, you can better manage these employees’ awareness of cybersecurity and make the appropriate changes where necessary. Take the results of the test seriously, and use them to determine the best next step for your company, whether that involves implementing managed email security services or providing more training for people who performed poorly during the test by responding to phishing emails.
The best way to prevent cyberattacks like phishing emails is to prepare for them proactively through managed antivirus and antispam services that are constantly monitored and updated to prevent even the newest and most dangerous threats. Aside from this, regularly performing phishing email tests in the workplace will help you understand your susceptibility and ultimately create a safer network for your business.
Scareware is a form of malware that generates browser pop-ups that resemble Windows or OS X system messages, claiming to be software such as antivirus, antispyware, registry cleaner, driver updater, etc. The system messages report fictitious problems such as infected files or missing driver updates intended to scare users into purchasing useless software or installing malicious software onto their devices.
An example of a fictitious alert in the form of a browser pop up recommending known software from an unknown source such as Adobe Flash Player from newsoftready.uploadsoftstohavetoday.online shown below:
Scareware can also present itself as an intense series of browser pop ups and alarms that scare you into thinking your device is infected. The pop up or system alert may give you a number to call suggesting the alert is from the FBI or Microsoft. The intent is to get you to call and get your permission to login to your computer.
STOP RIGHT HERE! If you encounter a suspicious system alert or pop-up, close your browser by clicking CTRL+ALT+DELETE (Windows) or COMMAND+OPTION+ESC (Mac), then end the process, or turn OFF your device.
In the event that you have called the number from the scareware, your phone number may have been compromised. If you give the fake technical support permission to login to your device, your device and data have been compromised. After receiving access to your device, the agent is able to further install malicious software and viruses, change your system setting to prevent internet access, and steal your data or lock you out of your own system. The next step the fake technical support agent will take is to scare you into paying them to clean your computer or unlock your data.
If you have been victimized by scareware, your device and data may have been compromised. Please contact Pennyrile Technologies at 931.771.1149. If you have given any financial information, we recommend contacting your financial institution to alert them.
Research has revealed that over half of all users end up opening fraudulent emails and often even fall for them. Phishing is done with the aim of gathering personal information about you, generally related to your finances. The most common reason for the large number of people falling for fraudulent emails is that the phishing attempts are often so well-disguised that they escape the eyes of a busy email reader.
Here are a few tips that help you identify whether that email really came from your bank or is another attempt at defrauding you…
Remember, no bank or financial institution asks you to share your key personal information via email, or even phone. So, if you get an email where they ask for your ATM PIN or your e-banking password, something’s amiss.
Phishing emails always contain links that you are asked to click on. You should verify if the links are genuine. Here are a few things to look for when doing that:
Apart from identifying fake URLs, there are other tell-tale signs that help you identify fraudulent emails. Some of these include:
Finally, get a good anti virus/email protection program installed. It can help you by automatically directing spam and junk mail into spam folders and deactivating malicious attachments. See how our Managed Antivirus and Anti-Spam service can help you today!