Phishing Scams: Don’t Take the Bait!


Cybercriminals are always searching for ways to enter your business. In general, the most common way a hacker gains access to your network is through phishing attacks. These usually come in the form of spam emails that are made to look legitimate. In some cases, these emails could appear to come from your boss or someone on your team, and the writing style might even sound like them. Cybercriminals use phishing emails to get personal information like your bank credentials, credit card numbers, passwords, and social insurance numbers by deceiving you into giving it to them under false pretenses.

Here are a couple of examples. You get an email from your boss asking you to make a bank transfer. Unfortunately, it’s not really your boss – it’s a hacker impersonating them. Another common example: you get an email from your bank prompting you to update your account. The email includes a link that appears legitimate, and the website it leads to might look just like your bank’s website. Unfortunately, when you enter your personal information, it is passed directly to the hacker – not your bank. Using what you’ve entered, the hacker gains access to your account or your passwords, purchases goods, opens credit cards, steals your identity, and puts you in serious financial trouble.

The examples above illustrate why it’s so important for you to beware of phishing schemes and implement practices to avoid becoming a victim. Here are 4 ways you can protect yourself from phishing scams:

1) Never give out personal information via email

Legitimate businesses, especially large ones like banks, will never request passwords, login credentials, or credit card numbers over email. If you do receive emails like these, don’t respond, don’t click on links or images, and avoid downloading attachments. If you question the legitimacy of an email, contact the company that sent it to confirm. A quick way to check the authenticity of a webpage is to read the URL of the website carefully. It might have spelling errors, or it might be a different domain than you are used to. You should also hover over the link to confirm it doesn’t lead to a different URL. Finally, never call the phone numbers contained in these emails. Go online and find the correct number on their website. Otherwise, you might be calling the cybercriminal.

2) Make sure the website is encrypted

Before you enter any sensitive information on a webpage, you should ensure it is encrypted. Check the address bar for a lock icon – this indicates that the site is secured. You can also review the site's security certificate to see whether it's protected. The name on the certificate should match the site you are on; if it does not, it is a clear sign that it’s a spoofed site.

3) Report any unusual activity to the legitimate company

If you feel that you have entered your personal data on a spoofed site, contact the legitimate company immediately to report the scam. Do not click on any links in the email; instead, contact the company by manually searching for their contact info. You should also review your credit card and bank statements regularly if you think you might have become a victim of a phishing scam. This can help prevent unauthorized charges and identify unusual transactions immediately, before a financial loss.

4) Use business-grade anti-virus software and multi-factor authentication

To help prevent web-based phishing attacks like pop-up windows, you should implement business-grade anti-virus tools. You can also enable multi-factor authentication, which adds an extra level of security to your accounts. By requiring two or more credentials when you try to log in, it makes it more difficult for a hacker to gain access to your accounts – even if they have your password.

Don’t take the bait! If you click on a link and provide passwords or account numbers, a hacker can install programs on your computer, steal your personal information, and hold your data hostage until you pay up. Act now and protect yourself before you become the victim of a phishing attack.

If you're worried that your confidential information has fallen into the wrong hands, or you would like to ensure that your business is secure, call (416) 966-3306, or email [email protected], and somebody from our office will be happy to help!