During this year’s tax season, hackers are taking full advantage of the large amounts of data being exchanged online by going on phishing expeditions in the hopes of stealing your data and that of your customers.
In fact, 83% of businesses reported falling victim to a phishing attack in the last year, according to the Wombat 2019 State of the Phish Report. While phishing is one of the most common cybercrimes in existence, this type of sharp increase is a sobering reminder that your business must approach these attacks with a renewed sense of vigilance. Just one employee taking the bait could mean massive financial consequences for your organization.
Effectively protecting your systems and data means helping your team recognize the signs of a potential phishing scam, knowing what to do if your network has been infected, and implementing ongoing preventative measures. We recommend working with a security partner like Protelligent® to provide training and tactics, but here are key things you need to know now.
Phishing Examples and How to Recognize Them
- Emails that appear to be from legitimate senders, including banks, insurance companies, PayPal or Amazon, and that attempt to obtain sensitive personal, financial or tax information, such as user names and passwords, are at the top of the list. Take some extra time to review sender email addresses, subject lines and content for misspellings, poor grammar or anything that does not make sense. If something looks suspicious, do not click on anything and delete the email from both your inbox and trash folders.
- Emails that appear to be from the IRS demanding payment or threatening to seize your tax refund are another example gaining popularity. Before clicking a link in any email, regardless of the sender, mouse over it to look for a malicious URL. As a side note, keep in mind that the IRS does not send emails requesting any kind of information.
- Do not open email attachments that have odd file names or extensions, or that do not appear to be from a legitimate sender.
- If you receive a request via email from a co-worker, friend or family member that seems unusual, pick up the phone and call the sender to confirm the request and contents of the email.
Steps to Contain a Potential Infection
- Isolate the infected computer.
- Immediately secure backup systems or data by taking them offline.
- Contact law enforcement and, if possible, collect and secure any portions of the malicious data that may exist.
- If possible, change all online account passwords and network passwords after removing the system from the network.
Ongoing Prevention Tactics
Leaving any part of your company’s security to chance in today’s highly advanced threat landscape, particularly employee training, is simply not an option. As part of our Premonition™ Security Suite’s comprehensive services, we provide organizational awareness and relevant cybersecurity training to help your employees stay vigilant. We also deliver penetration testing to simulate tactics and techniques of real-world attackers, such as email phishing, to identify vulnerabilities to remediate before they can be used against you.
Don’t let a tax-season phishing attack be your security wake-up call. Get the peace of mind you need to focus on innovation and identifying new customer opportunities with the 24/7/365 protection of Premonition Security Suite. Call us at (855) PRO TELL to learn more.