Cyber criminals are still initiating sophisticated attacks to try and trick you into clicking or giving them your personal information.
Specifically, phishing attacks, where criminals impersonate a trustworthy source to steal credentials or place malware on a system, are more than ever a common tactic used by criminal organizations to wreak large-scale havoc.
All companies are at risk from this threat, which exploits employee trust and the ubiquity of email and the Web in today’s connected workplace. Criminals exploit social media (e.g., Facebook, LinkedIn, Instagram) and email services by sending out fake email templates inviting you to connect online or tricking you into clicking on a link or opening an attachment.
Although these phishing attacks can be very hard to spot and are designed to get you to react without thinking, you are advised to stay alert at all times and to adhere to the following principles:
- Do not accept social media invites from strangers via email.
- Do not open suspicious emails.
- Do not open suspicious links within emails.
- Check the sender’s name and address carefully.
- Investigate links and other clickable items within emails by hovering your mouse over them.
- Do not download/open attachments.
- Do not send money or make a wire transfer.
- Do not provide your password or other details.
- Consult related awareness material available in the company’s Public Folder (Public\Policies & Procedures).
You may just have a hunch about an email, or you may be suspicious of it. If this is the case, verify the sender via an alternative path (e.g., send a separate email requesting clarification, send an SMS, make a call, or log on to LinkedIn, Facebook or Instagram directly and check for invitations there!).
What to do if you have already clicked
If you were not able to spot a phishing email and have already clicked a link (or entered your details or credentials into a website), do not panic. Call or contact IT immediately and follow their instructions.