In a phishing scam, an attacker sends an email carrying a malicious link or file attachment. Clicking the link usually leads to a fake login page that harvests the victim’s username and password, while opening the attachment can install malware on their device. It’s estimated that 3.4 billion phishing emails are sent each day across the globe.
As phishing scams have become more prevalent, many organizations have launched security awareness training programs that help employees to spot social engineering attacks. Even news shows and brands often send out messages about phishing scams and how to spot them.
While awareness is certainly on the rise, phishing is still a big threat to companies. According to Proofpoint’s 2021 State of the Phish, nearly three quarters (74%) of US organizations “experienced a successful phishing attack last year.”
Why Phishing Scams Are Getting Harder To Spot
Today’s hackers realize that they need to up their phishing game in order to be successful. While you may still get easy-to-spot phishing emails, many of these scams are now incredibly deceptive and sneaky.
Whaling, for example, is spear phishing aimed at the ‘big fish’: a highly-targeted email crafted for one specific senior executive, drawing on details of their role, contacts and current projects. Because the email appears personalized and legitimate, the target is more likely to fall for the scam.
There’s also another type of scam known as business email compromise (BEC), which works the other way round. The attacker poses as an executive or senior manager, often from a lookalike domain, a free webmail address or a compromised account, and emails a more junior employee requesting sensitive data, log in details or an urgent payment.
Because the request seemingly comes from someone higher up the corporate ladder, the victim is unlikely to question it – even if it seems unusual or anomalous. The message typically adds pressure: it’s urgent, it’s confidential, and the ‘executive’ can’t be reached by phone right now.
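The tell-tale signs of an executive-impersonation email described above can be checked mechanically. The following triage script is an added example, not code from the original article or from any vendor product. It assumes a hypothetical organisation with one internal domain (example-corp.com) and a small executive directory, and it runs over two constructed sample messages: one mimicking a BEC attempt, one benign. The four checks are the ones the text describes: external or lookalike sender domain, a Reply-To that diverts replies elsewhere, a display name that matches an executive but an address that does not, and urgency plus a request for sensitive data.

```python
import email
from email import policy
from email.utils import parseaddr

# Hypothetical organisation data (assumptions for this example; replace with
# your own domains and directory).
INTERNAL_DOMAINS = {"example-corp.com"}
EXECUTIVE_DIRECTORY = {"jane doe": "jane.doe@example-corp.com"}
URGENCY_CUES = ("urgent", "right away", "immediately", "asap", "today")
SENSITIVE_CUES = ("login", "password", "credentials", "wire transfer",
                  "gift card", "customer list", "export")
# Digits commonly swapped for letters in lookalike domains (examp1e, g00gle).
LOOKALIKE_MAP = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

# Constructed sample messages; not taken from any real incident.
SAMPLE_BEC_EMAIL = """\
From: Jane Doe <jane.doe@examp1e-corp.com>
Reply-To: jane.doe.ceo@gmail.com
To: junior.analyst@example-corp.com
Subject: Urgent - need the Q3 customer list today

Hi, I am in a board meeting and cannot talk. Please send me the full customer
export and your VPN login details right away so I can review before noon.
Keep this between us for now. Thanks, Jane
"""

SAMPLE_LEGIT_EMAIL = """\
From: Jane Doe <jane.doe@example-corp.com>
To: junior.analyst@example-corp.com
Subject: Team lunch on Friday

Lunch is at noon in the lobby, see you there.
"""


def domain_of(addr):
    """Return the lower-cased domain part of an email address, or ''."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw_message):
    """Run BEC/whaling heuristics over one RFC 822 message.

    Returns a dict with the sender address, a list of human-readable
    findings and a 'suspicious' flag set when two or more checks fire.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(from_addr)
    findings = []

    # 1. Sender is outside the organisation, possibly on a lookalike domain.
    if from_domain and from_domain not in INTERNAL_DOMAINS:
        findings.append(f"sender domain {from_domain} is external")
        normalised = from_domain.translate(LOOKALIKE_MAP)
        if normalised in INTERNAL_DOMAINS:
            findings.append(f"sender domain {from_domain} is a lookalike of {normalised}")

    # 2. Replies are silently redirected to a different mailbox.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"Reply-To {reply_addr} uses a different domain than From")

    # 3. Display name impersonates a known executive.
    expected = EXECUTIVE_DIRECTORY.get(display_name.strip().lower())
    if expected and from_addr.lower() != expected:
        findings.append(f"display name '{display_name}' matches an executive "
                        f"but address is {from_addr}")

    # 4. Social-engineering content: urgency and a request for sensitive data.
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + "\n"
            + (body.get_content() if body else "")).lower()
    urgency = [cue for cue in URGENCY_CUES if cue in text]
    sensitive = [cue for cue in SENSITIVE_CUES if cue in text]
    if urgency:
        findings.append("urgency cues: " + ", ".join(urgency))
    if sensitive:
        findings.append("requests sensitive data: " + ", ".join(sensitive))

    return {"from": from_addr, "findings": findings,
            "suspicious": len(findings) >= 2}


if __name__ == "__main__":
    for label, sample in (("BEC", SAMPLE_BEC_EMAIL), ("legit", SAMPLE_LEGIT_EMAIL)):
        result = triage(sample)
        print(f"{label}: suspicious={result['suspicious']}")
        for finding in result["findings"]:
            print("  -", finding)
```

Run on its own the script flags the constructed BEC message on all six counts and reports nothing for the benign one. A check like this belongs in the mail gateway or a reporting workflow, not on the employee’s desktop: its job is to catch the lookalike-domain and Reply-To tricks that a human reading the display name will miss, and to make the decision about escalation a mechanical one rather than a matter of ego.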
The Risk Of Ego For The Victim
Given the focus on security awareness training to help employees spot phishing, it’s common for victims to feel a sense of embarrassment if they fall for a scam. Many people think they are ‘too clever’ to become embroiled in a phishing attack so, when they do, they want to hide the mistake rather than admit it.
This is a dangerous route to take. Ego shouldn’t play a role in cybersecurity. In reality, the worst thing you can do is keep the incident to yourself. Unless a scam is dealt with appropriately, and with the right security procedures, it could end up costing your company a lot of money.
So, if you fall for a phishing email, don’t pretend that nothing ever happened. Follow these steps instead:
- Disconnect your device immediately: If you opened an attachment or suspect your device has been infected with malware, cut it off from the network urgently. Prefer pulling the ethernet cable (gently – don’t damage the network port by ripping it out in a panic) or switching off WiFi on the device over shutting it down: powering off wipes what is in memory and can destroy the evidence your IT team needs to work out what the malware actually did. Leave the device off the network until IT has looked at it.
- Speak to your IT administrator or outsourced IT advisor: You must let your IT advisor know about the scam as a matter of urgency, and tell them exactly what happened: whether you clicked a link, typed in your username and password, opened an attachment, or replied with information. If you entered your credentials, say so; IT will need to reset the password, sign out any active sessions and check the account for changes such as new mail-forwarding rules, and you should change that password anywhere else you reused it. The longer a compromise goes untreated, the bigger an impact it can have. Don’t let fear or embarrassment stop you from reporting an incident. In the long run you’ll help your company by reporting quickly. Moreover, you’re probably not the only one in your company that the attackers have targeted with this scam. By sounding the alarm, you can prevent your colleagues from falling for the same trick.
- Set/follow company policies for reporting phishing scams: If you’re an employer, you need to empower your employees to feel safe to report phishing attempts. We advise putting in place straightforward policies that employees can follow in the event of an attack, so they know what to do and who to contact. Don’t make employees feel like they’ll get in trouble for falling for a phishing scam. This can do more damage in the grand scheme of things, as your employees may not report such attacks if they’re afraid of the consequences.
- Learn from your mistakes: Finally, try to think of any phishing scam as a learning experience. Think about your actions during the attack. Perhaps you were rushing and so didn’t read the email properly or you weren’t properly paying attention. Rather than beat yourself up, think about what you would do differently next time. What should you have done instead? How will you be more vigilant in future? Looking at the incident this way will reduce the chances of a similar thing happening again.
Help Your Employees Stay Safe From Phishing
While some phishing emails will always get through, there are actions you can take to help your employees stay safe. We advise deploying Microsoft 365 Defender across your office computers. It can block known-malicious links and attachments before they reach the inbox and detect malicious activity on a device in good time, so you can contain it before it spreads and compromises your data.
We’ll Help You Defend Against Cyber Attacks
Using Microsoft 365 Defender is just one part of your cybersecurity. If you’d like a non-salesy chat to help determine other potential risks in your network, reach out to us today.