Updated: Oct 23, 2021
By the end of 2021, cybersecurity crime is expected to cost the world a total of $5.8 trillion.
Two main areas that contribute to this statistic are falling victim to phishing emails and using weak passwords.
I want to empower you with steps you can take to prevent phishing attacks and practice better password management.
What is phishing?
Phishing, or email impersonation, is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or into deploying malicious software, such as ransomware, on the victim's infrastructure.
To prevent phishing, treat every email that you encounter with a certain degree of caution and care. Today’s hackers create a profile about you to help them craft a phishing email that pretends to come from your friends and colleagues. For example, you buy a car and post a photo on Facebook or Instagram. Hackers pick up this information, then attempt to trick you by sending a phishing email that appears to come from a friend or colleague. The email is likely short and goes something like this: “Hi, love your new car, congratulations you deserve it. In a hurry to make another meeting, do you mind sharing the company credit card info again?” Without caution, you happily provide the information. This scenario unfortunately plays out every day. By the time you realize something is amiss, the damage is already done.
Here's how you can spot phishing emails:
Odd URL: If you suspect that an email could be a scam, hover over the URL link within the message. This will show the site’s URL. Often, the URL doesn’t belong to the company that is supposedly trying to reach out to you.
Grammatical Errors: The majority of phishing emails are full of grammatical errors, odd capitalizations, and misspellings. Additionally, those emails might contain sentences or phrases that just seem completely off and do not make any sense. If it doesn’t sound right, or professional, be skeptical. It could be a phishing scam.
Emails with a Sense of Urgency: The most effective phishing emails always create a sense of urgency or panic in the recipients. Unfortunately, humans are susceptible to making rash decisions, and phishing emails thrive on invoking panic. If an email seems suspicious in any way, or looks right but your gut is screaming that something is off, verify it before responding. If it cannot be verified, leave it alone.
Promote Awareness: Make others within your organization aware of these attacks and what to look for. Users are always the first line of defense and human intelligence; creating awareness is extremely effective in stopping phishing scams.
Low-Resolution Logos: Typically, scammers will copy or cut and paste logos from legitimate company websites in their phishing emails. If the image seems pixelated, discolored, blurry, or very small, there is a good indication that the person contacting you doesn’t work for the company.
Since 2004, Ambit has had vigorous protections in place for all our clients’ email systems, but email impersonation attempts (phishing), which come from email addresses that appear to belong to a friend or fellow business member, are tough to stop.
Using Proofpoint, a service managed by Ambit, for protecting accounts against malicious email links and attachments, Ambit blocks the majority of emails containing spam, phishing attempts, and malware. In the first quarter of 2021 alone, over 13.5 million emails bound for Ambit clients were blocked by Proofpoint, 3 million more than Proofpoint blocked in March of 2020.
Begin practicing better password management
Most people know not to use the same password for everything or make it too simple, but they continue doing it out of fear of forgetting. It’s understandable that remembering many different passwords quickly becomes a challenge, and hackers are aware of this and hope to capitalize on it.
The Best Way to Create a Secure Password.
Stop Reusing the Same Password. This sounds basic, but using the same password to access your work email and company data as well as your personal accounts creates great risk. Never reuse a password for more than one account.
Use Unique Passwords. Always create a unique password made up of upper- and lower-case letters, numeric characters, and special symbols.
Use Long and Complicated Passwords. The longer and more complicated passwords are, the tougher it is for a hacker to crack them.
These rules of thumb are your best line of defense when it comes to passwords, but people usually aren't following them because they do not know how to store this information.
At Ambit, we recommend using a password management app to store all your unique passwords for each account. This allows you to use a single password to log into the app, which will then open a vault that stores all your accounts securely with a single click. It is worth noting that if your password is ever compromised, you’re facing a threat of loss on multiple fronts. Because of this, Ambit recommends using the two-factor authentication (2FA) feature available in password management applications.
The best password manager apps quickly and easily generate strong passwords for you, and most have browser plug-ins that will automatically fill in login forms. Many also fill in credit card numbers and personal details. Two password management apps Ambit recommends are LastPass and 1Password.
Do you want more information or a tailored strategy that helps you and your small business fight against phishing scams? You are not alone! Contact Ambit today for a free consultation, and one of our IT experts will examine your small business's IT wellness and how to keep it in tip-top shape.