Best Practices: Protecting Against Phishing Schemes

"Best Practices" is our new recurring feature designed to give your organization helpful advice for maintaining efficient operations.

Protecting Against Phishing Schemes

Scammers are getting more and more creative in our ever-modernizing world, and it can be hard to keep up with all the new tactics to protect yourself from. One of the most widespread types of scams are phishing schemes, which target email and text to steal sensitive information. It is important to understand these schemes, so you can know how to best protect yourself and your business from them. Read on to learn more about phishing schemes, how to prevent yourself from falling for them, and what to do if it happens.

How does phishing work?

Phishing schemes are cyberattacks carried out by scammers that target email and other messaging apps. These emails seem to come from a reputable source, often appear urgent, and typically include links or request sensitive information. Once these links are clicked on, ransomware can be downloaded onto your computer, which can provide scammers with passwords, sensitive information, and potentially access to an entire network of computers.

How do you protect yourself against phishing?

As an individual, before clicking on a link in an email or providing sensitive information, you should do some research. Look into the company and their website to ensure it is a real company. You might also check with a coworker or call the vendor or client the email looks like it’s from on a number you know to be correct – not the one listed in the email.

Protecting Against Phishing Schemes

As a business, you should regularly back up your data in places not on the network so that if your data is hacked, you can easily restore it. You should also make sure that all security software on the devices in the network is up to date, and add email authentication and intrusion prevention software to prevent phishing emails from reaching inboxes in the first place. Finally, let your staff know that all of this is happening and keep them informed. Provide regular training so that they can keep up to date with newer phishing tactics.

What happens if you fall for a phishing scheme?

First, you should immediately change any compromised passwords and disconnect the infected computer from the network. Next, you should alert colleagues. When phishing attacks happen, more than one person in a company typically receives these emails. Then, notify any customers or clients who may have had their data breached. Lastly, report the scheme to the Federal Trade Commission through FTC.gov/complaint and let the person or company being impersonated know about it.

For more information on phishing and other scams, and how to protect your business from them, visit the Federal Trade Commission website at www.ftc.gov/news-events/topics/identitytheft/phishing-scams.