
If you spend any time at all accessing email, you’ve probably seen it—a legitimate-looking (or somewhat legitimate) email from a person or institution that may or may not be familiar to you. In it, there could be a link, an attachment and perhaps a request for your financial or personal information, along with contact information for you to provide it. The email may make a strong argument for providing that information—perhaps it threatens you with an audit, or even arrest. It could be an enticement for a financial windfall. It could even be something as simple as a request to update or verify account settings. Yet, in nearly every case, responding as requested will lead you down a one-way street to big trouble.
Phishing has been around for more than two decades, and despite repeated warnings through media and other channels, it remains disturbingly effective. You may think you’re too wise to fall prey to a phishing scam; but according to the Federal Bureau of Investigation’s 2016 Internet Crime Report, more than 19,000 people reported losing nearly $32 million in phishing attacks in the U.S. alone.
At its core, phishing preys on the fallibilities of human nature; we all make mistakes, we lead busy lives, and no one is immune from an occasional lapse in judgment, or an honest oversight. Unfortunately, the bad guys are upping their game and becoming ever more sophisticated in their approaches and executions. This makes it more difficult for people to distinguish legitimate emails from phishing scams.
What to do? At Lutz Tech, we advise all of our clients to take widely accepted precautions such as using unique passwords, avoiding public Wi-Fi when accessing or sharing sensitive information and scanning regularly for viruses and malware. On top of that, we recommend that our clients adopt a 3-step approach to guide them in preventing phishing attacks, and minimizing damage if they occur:
Step 1: Ask yourself, “is this for me?”
Use judgement when privileged information is being requested. If you work in, say, the marketing department, and a mysterious email asks you to review an attached resume, that’s an unusual request that should immediately raise a red flag. Your validation process should start with questions that include: Should I be receiving this? Am I expecting it? Does it come through a standard chain of command, or from a source I recognize? If things don’t sniff right, proceed to step 2.
Step 2: Ask others, “are we expecting to receive this?”
Say you received the email in question, and suppose further that you work in human resources (HR). Questions to ask include: Am I expecting this resume? Is it standard operating procedure for me to receive it directly—or, should it first go through other channels in the organization? Instead of opening the attachment or clicking on the link, you should contact your supervisor and get verbal validation as to whether this is something you should have received in the first place. If your supervisor can’t provide definitive verbal validation, contact your IT professionals immediately.
It’s worth stressing: Verbal validation is absolutely critical. At Lutz Tech, we see too many cases where people’s email accounts are compromised, and then hackers send phishing emails from those accounts. Such emails may seem legit, since the senders’ addresses are real. Worse still, if you were to reply to such an email and ask if the request is valid, the hacker who commandeered the account surely will reply that it is, which sets the table for disaster.
Step 3: Accidents happen—speak up if they happen to you.
Bad situations get much worse when they go unreported. Recently, our technology professionals saw a deviously clever phishing email that appeared at first glance to be from a company’s IT department. In it, the recipient was asked to click on a link to reset their password. That link led to a phony company portal page where email credentials were requested. If you fall prey to a scam like this, the resulting damage could be significant. Yet, it grows exponentially if the incident goes unreported. By alerting the appropriate IT professionals early on, it’s possible to mitigate the damage by changing credentials, tightening spam filters and implementing other controls to prevent these types of attacks in the future.
The road to cybersecurity is best traveled with an experienced partner
In today’s digital world, it’s critical to keep operations running smoothly. Businesses can ill afford operational downtime, let alone financial and reputational damage from cyberbreaches of all sizes and scopes. At Lutz Tech, our IT professionals immerse themselves in the latest trends surrounding cybersecurity for businesses. Our core managed services include a comprehensive suite of best-practice email filtering, password security, antivirus and malware protection designed to prevent cyberattacks and minimize damages when they occur. We also offer clients a live help desk; in cases where clients receive suspicious emails, our experienced technicians are accessible within seconds to validate the email from a technical perspective, and take any appropriate actions or countermeasures.

