Now that we all work from home and use email and WhatsApp more often, the number of phishing messages in circulation has increased significantly. From malicious emails posing as an official agency or well-known company to links to phishing websites forwarded via messaging apps, it pays to be very watchful in this new Corona Age.
What is Phishing anyway?
Although phishing is not new, we have noticed an increased number of phishing emails in this time of Corona and working from home. But what is phishing?
Phishing is a form of crime where cybercriminals find out your passwords, username, contact information, and even credit card numbers through fake emails. They often do this via a link in an email to a fake website or a Trojan Horse (a kind of software that steals your data) in an attachment. Once they have your information they can take over certain profiles or even computers or use your credit cards for criminal transactions.
What are the dangers of Phishing?
Now that a lot of employees work on their personal computers, it is, of course, a lot easier for phishers to lure employees into a trap. With almost everyone working from home, there is no heavy corporate firewall for phishers to bypass. In addition, many employees have outdated or malfunctioning antivirus programs installed on their personal computers, leaving a lot of sophisticated phishing techniques undetected.
The dangers of phishing lie mainly in the fact that phishing can lead to identity fraud, credit card fraud, or worse: certain programs and profiles can be shut down or taken over by the phishers. For example, there are companies whose social media profiles have been taken over, whose email accounts have been used to send spam, or worse still, whose accounts have been plundered by phishers.
How can you prevent phishing?
An important question during the corona crisis is how to combat phishing. Now that we are all sitting behind our computers more and more, cybercriminals are taking advantage of this to send out more and more phishing emails. As an ICT department, an HR employee, or even a company manager, it is our job to inform employees about the dangers of phishing. After all, our employees are our most crucial line of defence against phishing and malware.
Make sure your employees always check the sender's email address and the URL behind a link. In addition, explain that they should never send passwords or personal data by email, and that banks and other agencies never ask for personal information via email or phone. It is a good idea to show your employees some examples of phishing emails. This way they will see that the emails often look real and reliable, and that they have to be extra vigilant during this period of working from home.
How to react when you are phished?
When you, your company, or one of your employees has become a victim of phishing, it is important that the passwords involved are changed one by one. If you shared payment details with the phishing website, cancel your card as soon as possible and simply request a new one.
If you or your employee downloaded a Trojan Horse, it is best to remove this file from your computer as soon as possible and delete the email permanently in order to avoid the further spread of phishing links.
Be sure to scan your computer for further viruses with a good antivirus and make sure you don’t become a victim of identity fraud. You can do this for example by setting up a Google Alert on your name and social media to check if profiles with your name and photo pop up.
All in all, as a company it is important to have a good step-by-step plan in place for when an employee has fallen victim to phishing. With good communication, clear information, and an easy-to-follow step-by-step plan, you can protect your company and employees against phishing during this period of working from home.