It’s late Friday afternoon and the COO of your company emails you with an urgent request to send him the HR spreadsheet you have been working on. Frantic, you immediately reply and send him the requested information. But it wasn’t the COO emailing you; it was a cybercriminal pretending to be your COO and you just handed over confidential HR records. Your company is now in trouble and so are you.
Protecting Your Company and Yourself
This type of cyber-attack – known as phishing – is a serious and widespread problem. Phishing is defined by the National Institute of Standards and Technology as a:
“technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person[.]”
A recent report shows a 1,265% increase in malicious phishing messages since 2022, and an average of over 30,000 phishing attacks occur every day.
The Evolution of Cybercriminal Tactics
Gone are the days of cybercriminals pretending to be princes from far off countries; the modern-day cybercriminal pretends to be someone you know and, at least in an email, looks just like a trusted contact. For instance, the cybercriminal will mask his true email address to make it look like someone else’s; he will copy the signature block from a trusted contact; and he will even steal a picture of someone you know from their online social media profile and use it.
Defense Strategies
The cybercriminal is trying to gain instant trust and once he gets it, he will ask you to share information, download malicious software, or click on a malicious link. But you don’t have to fall for this trap!
You can prevent a cybercriminal from fooling you into disclosing confidential information or allowing an intruder to hack your system. Of course, the first and best line of defense is to have strong cybersecurity systems in place. But even the best systems are not foolproof. That’s where you come in.
Recognize and Prevent Phishing Attacks
Here are some ways you can recognize and prevent phishing attacks:
- If you get an email at an odd hour, from a person you are not normally in contact with, or about a subject that is unrelated to you or your work, then be suspicious.
- If you get an email asking you to immediately provide information, download an attachment, or click on a link, then be suspicious.
- If you get an email with spelling or grammatical errors, then be suspicious.
- If you get an email with generic language like “please send me the reports you are working on” or “Dear co-worker,” then be suspicious.
- If you get an email from an email address that is not the correct email domain for your company, then be suspicious.
Simply put, if you have any doubt about the authenticity of an email, then have no doubt it may be malicious. Don’t respond. Don’t download. Don’t provide information. Don’t click on links. Instead, contact your IT department for help. You are the last line of defense against cyberattacks, so be vigilant and help protect you and your company.
For more information, please contact KJK partner Michael Hoenig (MDH@kjk.com; 216.736.7247) or another member of our Cyber Security & Data Breach practice group.