Scammers use email or text messaging tactics to trick people into believing that their business website has been compromised. Some messages may demand that you remove what the sender deems to be illegally acquired website photos. You may receive an email stating that your system has been taken over and can be retrieved in exchange for money. An "urgent" message that appears to come from your bank may state that you've won the lottery. These schemes "bait" you with trust or fear and use a sense of urgency to persuade you to download and install unwanted software, often bundled with popular free downloads. These cybercrimes are referred to as phishing and malware attacks.
WHAT IS PHISHING?
Phishing is a cyberattack method that uses deceptive e-mails, pop-ups, banner ads, and websites to gain illicit access to a user's device, accounts, Social Security number, and other personal information. The message can be disguised as coming from a person or organization you trust (the "bait"), tricking recipients into believing that it is important and urgent and leading them to click a link or download an attached file with embedded malware.
WHAT IS MALWARE?
Derived from the words "malicious" and "software," malware is the general term for unwanted software that includes viruses, spyware, and adware, among others. These are illicitly installed on your computer or mobile device and allow cybercriminals to steal credentials and personal information to commit fraud.
Though some malicious messages may be ineffective, there will still be people who fall for these scams and inadvertently send personal information to cybercriminals or give them access to a device. The cybercriminals then exploit that information in any way they can, stealing account numbers, passwords, or Social Security numbers and committing fraudulent activities. At their core, regardless of the technology or the particular target, phishing and malware attacks are deceptions.
According to 2021 phishing statistics, 75% of organizations around the world experienced this cybercrime at least once. 74% of phishing attacks on businesses and organizations in America were successful. A cybercriminal makes an attempt every 39 seconds.
For home inspection businesses to avoid being victimized by phishing attacks, it is important to know how to recognize one and how to protect yourself from it.
Here are some steps you can take to protect yourself from malware or phishing attacks:
1. Implement proactive protective measures.
Protect your computer by installing security software, such as BullGuard, Avast, or Kaspersky, and set it to update automatically. Use it to scan your computer for threats, then quarantine, block, or remove anything it identifies as a threat. Security software updates may require you to restart your computer for the changes to take effect. Updated security software will detect old and new spam, phishing, or malware threats.
"Secure Email Gateways" (SEGs) such as SpamTitan or Proofpoint are great email security solutions that can block or quarantine malicious emails so that they never reach their intended recipients.
"Sandboxing" is also a good cybersecurity practice: it isolates applications to test whether a suspicious file or URL is malicious or a threat. A sandbox is a virtual environment that accurately mimics the end-user operating environment, safely analyzing any potentially malicious program without compromising your operating system and proactively removing any threat detected.
Always make sure your network is set to private, with servers protected by firewalls. This restricts anyone from engaging in unauthorized internet activities in, out, or within a private network, keeping your system from being compromised.
2. Do not click pop-ups, banner ads, and email links and attachments
Another trick scammers use is sending campaigns that have something to do with your computer's health. A sender may claim to be from Microsoft's Security Team. However, a legitimate division of Microsoft probably wouldn't be based in Tajikistan, don't you think?
Cybercriminals send spam emails that appear legitimate and offer you different browsers, PDF readers, and other bundled free software. These downloads are more likely to include malware, even if the message seems to be from companies you know and trust, or from family or friends. Instead of clicking an email link or attachment, get well-known software directly from the source by typing the URL of a trusted website into your browser. If you receive an email that appears to come from a trusted source but seems suspicious, contact that source with a new email rather than just hitting reply. This prevents you from ending up on a scam site, entering sensitive information, and downloading malware.
Many browsers come with built-in privacy and security features. Google Chrome users can set "Safe Browsing" to different protection levels. Features like this will scan for and warn you about potentially risky websites, downloads, and extensions, as well as password breaches.
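The warning signs described in this step (a sender name that does not match its address, a reply address that differs from the sender, a link that leads somewhere other than where it says, a download of a program, urgent wording) can also be checked automatically. The Python code below is an added example, not part of the original article; the sample message, the domains in it, and the `BRAND_DOMAINS` allow-list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name and domain here is made up.
SAMPLE = '''\
From: "Microsoft Security Team" <alerts@ms-secure-support.example>
Reply-To: helpdesk@collect-mail.example
Subject: URGENT: your computer is infected

<p>Your PC is at risk. Install the fix now:
<a href="http://update.ms-secure-support.example/fix.exe">https://www.microsoft.com/security</a></p>
'''

# Assumption: brands you deal with, mapped to the domains they really send from.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def host_matches(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_flags(raw):
    """Return the warning signs found in one raw email, in check order."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    flags = []
    # Display name claims a known brand but the address is on another domain.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and not host_matches(from_dom, domains):
            flags.append("display-name-spoof")
    # Hitting "reply" would send the answer somewhere other than the sender.
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-mismatch")
    # Link text shows one site while the href goes to another, or to a program.
    for href, text in re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>',
                                 msg.get_payload(), re.I | re.S):
        shown, target = urlparse(text.strip()).hostname, urlparse(href).hostname
        if shown and target and shown != target:
            flags.append("link-text-mismatch")
        if urlparse(href).path.lower().endswith((".exe", ".scr", ".js")):
            flags.append("executable-download")
    if re.search(r"\b(urgent|immediately|act now)\b", msg.get("Subject", ""), re.I):
        flags.append("urgency-language")
    return flags
```

Calling `phishing_flags(SAMPLE)` returns all five flags for the constructed message; a message whose sender, reply address, and links all agree returns an empty list.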
3. Set multi-factor authentication
Businesses can leverage a multi-layered approach to online security called multi-factor authentication. Multi-factor authentication serves as a strong barrier that prevents hackers from gaining access to, taking over, and compromising user credentials. It also provides extra security against phishing attacks and other forms of data breaches by requiring two or more login credentials to access your account. Additional credentials could be a passcode you get via text message or an authentication app, or something like a fingerprint, face, or retina scan on your device.
According to Google, using multi-factor authentication blocks 100% of all automated attacks, 96% of bulk phishing attacks, and 75% of targeted attacks.
4. Conduct cybersecurity awareness training
Creating awareness by educating, conducting training sessions and phishing simulations, and developing countermeasures with your team of professionals can go a long way to proactively protect your business from malicious attacks.
Training may seem like a simple idea, but it is effective. Teaching your team members what good emails look like and what to look out for when it comes to phishing emails will help them know how to handle such intrusions and learn from errors. You can do this by simulation in a protected environment. You can also test whether your team of professionals is adequately enforcing company security policies. Rewarding good behavior when someone spots a phishing email can be a motivation.
On a technical level, disabling macros is one of the easiest and fastest ways to protect the computers in your network and your team members against cyber threats that include phishing. Macros are a free feature of the Microsoft Suite applications designed to help users perform repetitive tasks with keyboard shortcuts. Useful as they are, enabling macros poses the risk of "form-grabbing," a malware that can steal usernames, email addresses, and passwords from forms on your computer system. Cyber attackers can exploit this to execute malicious activities.
Although phishing awareness training can never perfectly protect you and your business, at the end of the day, educating users will help make sure that the success rate of phishing and the risk of data breaches involving it are fairly reduced.
5. Back up your data
It's never easy to build a business from the ground up. Creating backups is a critical step and one of your best protection tactics in the event of a system failure or file corruption due to phishing and malware attacks. You can protect your data by backing it up to an external hard drive, cloud storage, or any trusted third-party backup tool. Apple iOS and Microsoft Windows feature built-in backup and restore utilities as a protective measure. You can back up files on your mobile phone too.
Make sure your backups are not connected to your home network. This way, cyber attackers will have no way to access your valuable information and credentials, which greatly minimizes your risk of falling victim to cyber scammers.
Creating backups regularly on physically remote devices will not only prevent data and business loss but also give you peace of mind in case your computer is compromised.
Because cybercriminals often update their tactics, it is important to always be aware and on the lookout for vulnerabilities in this rapidly evolving technology. By implementing the simple steps outlined in this article, you can ensure that your organization or business is protected so you can focus more on what matters.