Phishing: Don’t Take the Bait

You receive an email that looks familiar—it seems to be from one of your company’s vendors, asking you to click a link to update your business account. Or maybe it’s from your boss, urgently requesting your network password. Should you click or reply? Probably not. These could be phishing attempts designed to steal your information.

How Phishing WORKS

Phishing scams often look convincing but are designed to trick you into handing over sensitive information or downloading malware. Here’s how they usually operate:

1. You Receive an Email or Text

  • The message seems to come from someone you know, like a colleague, client, or vendor. It asks for a password, bank account number, or other private information.

2. It Looks Legitimate

  • Scammers are experts at spoofing logos and creating fake email addresses that look authentic. They use familiar company names or impersonate people you trust.

3. It’s Urgent

  • The message tries to pressure you: “Act now, or something bad will happen!” This is a common tactic used to rush you into making a mistake.

4. What Happens Next

  • If you click on the link, scammers may install ransomware or other malicious software that locks you out of your data.
  • If you share your password or information, scammers can gain access to sensitive accounts—putting your entire business at risk.

What YOU can do

Before clicking on a link or giving away your business’s sensitive information, follow these steps to protect yourself:

1. Check It Out

  • Verify the message by looking up the official website or contact number of the company or person. Don’t rely on the email’s contact info—it could be fake.
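One concrete way to "check it out" on a suspicious email is to look at where its links actually go rather than what they say. The script below is an added example written for this article, not code from the original page or from APIS Consulting: it pulls every link out of an HTML email body and flags ones whose visible text names a different domain than the real target, or whose target closely resembles a domain the business knows. The sample message and the allow-list of known domains are constructed for illustration.

```python
"""Added example (not part of the original article): flag deceptive links in
an HTML email body. The KNOWN_DOMAINS allow-list and the sample message are
constructed for illustration only."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed allow-list: domains this business genuinely deals with.
KNOWN_DOMAINS = {"example-bank.com", "vendor.example"}

# Matches something that looks like a domain name inside the visible link text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Crude 'last two labels' approximation; production code would use the
    public suffix list so that e.g. co.uk domains are handled correctly."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_links(html):
    """Return a list of (href, reason) for links a reader should not trust."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        target_host = urlparse(href).hostname or ""
        target_domain = registrable_domain(target_host)
        # 1. The visible text names one domain but the href goes elsewhere.
        m = DOMAIN_IN_TEXT.search(text)
        if m and registrable_domain(m.group(1)) != target_domain:
            findings.append((href, f"text says {m.group(1)!r}, link goes to {target_host!r}"))
            continue
        # 2. The target is not a known partner but is one edit away from one.
        if target_domain not in KNOWN_DOMAINS:
            for known in KNOWN_DOMAINS:
                if edit_distance(target_domain, known) <= 1:
                    findings.append((href, f"{target_domain!r} resembles known domain {known!r}"))
                    break
    return findings


# Constructed sample email body: two deceptive links and one legitimate one.
SAMPLE_EMAIL = """
<p>Please <a href="http://example-bank.com.login-verify.net/x">https://example-bank.com/account</a>
to confirm. Or <a href="https://examp1e-bank.com/">Click here</a>.
Your <a href="https://vendor.example/invoice">Invoice</a> is attached.</p>
"""

if __name__ == "__main__":
    for href, reason in check_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS {href}: {reason}")
```

The two checks mirror what the article's advice boils down to: trust the destination you can verify, not the text you were shown. A real mail gateway would add URL reputation lookups and the public suffix list, but the logic above already catches the two most common tricks, a mismatched display URL and a lookalike domain.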

2. Talk to a Colleague

  • Sometimes, a quick conversation with a coworker can help you figure out if the request is legitimate or a phishing scam.

3. Make a Call if You’re Unsure

  • Call the person or company directly using a verified phone number, not the one in the email or text. Confirm that they really need the information.

How to PROTECT your business

Phishing attacks are increasingly sophisticated, but you can reduce your risk by taking proactive steps:

1. Back Up Your Data Regularly

  • Back up your data frequently and ensure those backups aren’t connected to your network. If a phishing attack occurs, you’ll have copies of your data that can help restore operations quickly.

2. Keep Your Security Systems Up to Date

  • Install the latest patches and updates to protect your systems from vulnerabilities.
  • Use email authentication and intrusion prevention software to block phishing emails before they even reach your inbox.

3. Alert Your Staff

  • Share phishing prevention tips with your employees. Since phishing tactics evolve, include up-to-date information in your regular training sessions so staff are equipped to spot new schemes.

4. Deploy a Safety Net

  • Implement email authentication technology to prevent phishing emails from reaching your company’s inboxes in the first place.
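"Email authentication technology" in practice means SPF, DKIM and DMARC: the receiving mail server checks whether the message really came from the domain shown in the From: header and applies that domain's published policy if it did not. The following is an added example, not code from the article or from APIS Consulting, showing the decision a gateway makes from an Authentication-Results header. The DMARC policy table stands in for the DNS lookup a real gateway performs, and the sample headers are constructed.

```python
"""Added example (not from the original article): decide what to do with an
inbound message from its Authentication-Results header (RFC 8601 format),
the way a gateway enforcing DMARC does. The DMARC_POLICY table is a
constructed stand-in for the TXT record at _dmarc.<domain>."""
import re

# Constructed stand-in for published DMARC records; values mirror the "p=" tag.
DMARC_POLICY = {
    "vendor.example": "reject",
    "example-bank.com": "quarantine",
}


def parse_auth_results(header):
    """Parse 'authserv-id; method=result prop=value; ...' into one dict per
    method. CFWS comments such as '(2048-bit key)' are stripped first."""
    header = re.sub(r"\([^)]*\)", "", header)
    parts = [p.strip() for p in header.split(";")]
    results = []
    for part in parts[1:]:  # parts[0] is the authserv-id
        if not part:
            continue
        tokens = part.split()
        method, _, result = tokens[0].partition("=")
        entry = {"method": method.lower(), "result": result.lower()}
        for tok in tokens[1:]:
            if "=" in tok:
                key, value = tok.split("=", 1)
                entry[key.lower()] = value
        results.append(entry)
    return results


def dmarc_disposition(from_domain, auth_results_header):
    """Return 'deliver', 'quarantine' or 'reject' for a message whose visible
    From: domain is from_domain. Uses strict alignment (exact domain match);
    relaxed alignment would compare organizational domains instead."""
    from_domain = from_domain.lower()
    aligned = False
    for r in parse_auth_results(auth_results_header):
        if r["method"] == "dkim" and r["result"] == "pass":
            if r.get("header.d", "").lower() == from_domain:
                aligned = True
        elif r["method"] == "spf" and r["result"] == "pass":
            mailfrom_domain = r.get("smtp.mailfrom", "").lower().rsplit("@", 1)[-1]
            if mailfrom_domain == from_domain:
                aligned = True
    if aligned:
        return "deliver"
    # Not authenticated: apply whatever the From: domain has published.
    policy = DMARC_POLICY.get(from_domain, "none")
    return "deliver" if policy == "none" else policy


# Constructed headers: a genuine vendor message and a spoof of the same domain.
GENUINE = ("mx.example.org; spf=pass smtp.mailfrom=bounce@vendor.example; "
           "dkim=pass (2048-bit key) header.d=vendor.example")
SPOOFED = ("mx.example.org; spf=pass smtp.mailfrom=bounce@attacker.example; "
           "dkim=none")

if __name__ == "__main__":
    print("genuine ->", dmarc_disposition("vendor.example", GENUINE))
    print("spoofed ->", dmarc_disposition("vendor.example", SPOOFED))
```

Note the order of the checks: a message is accepted only if SPF or DKIM passes *and* the passing identity matches the From: domain the recipient sees. An SPF pass for a completely different envelope sender, as in the spoofed sample, counts for nothing, which is exactly the gap DMARC closes. Domains that publish no policy get delivered regardless, so publishing a DMARC record for your own domain is what makes this protection work for your partners too.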

What if you fall for a PHISHING SCHEME

Even the most cautious employees can sometimes fall for a phishing attack. Here’s what to do if it happens:

1. Alert Others

  • Let your colleagues know if you’ve been targeted. Phishing attacks often happen to multiple people in an organization.

2. Limit the Damage

  • Immediately change any compromised passwords and disconnect infected devices from the network to stop malware from spreading.

3. Follow Company Procedures

  • Report the attack according to your company’s procedures. This might involve notifying IT or external contractors who manage your security.

4. Notify Customers

  • If sensitive data was compromised, notify any affected customers. They may be at risk of identity theft and should take steps to protect themselves.

Phishing scams are constantly evolving, but by being cautious and proactive, you can minimize the risk to your business. Remember, cybersecurity isn’t a one-time task—it’s an ongoing effort.

Stay tuned, stay secure, and let’s make Cybersecurity Awareness Month count!

*Article inspired by the guide “Cybersecurity for small business” written by the Federal Trade Commission (FTC).

——————–

We at APIS Consulting can assist you in enhancing your cyber security knowledge and IT security procedures. If you require training, a cyber security audit, help boosting your IT security, or want to outsource your IT security, you can get in touch with us via email at contact@apisconsulting.cn or by adding Antoine on WeChat using the QR code below.


Antoine Pilarczyk founded APIS Consulting in 2021 to help companies in China improve their cybersecurity awareness. He is a certified ISO 27001 Lead Auditor and Lead Implementer.