Over the years, phishing has grown to be a persistent problem, and it’s unfortunately only getting worse. In 2020, globally, a whopping 75% of organizations experienced a phishing attack, and in the U.S., 74% of organizations experienced a successful phishing attack.

Phishing leads victims to inadvertently share access to their financial accounts and employees to grant cybercriminals access to their employers’ systems. It’s also the number one mechanism threat actors used to deliver ransomware.

What is Phishing?

Phishing is a popular technique used by cybercriminals. To launch their attacks, they contact victims by email, text, or telephone and pose as a legitimate entity. Ninety-four percent of malware is delivered by email. A cybercriminal’s goal is to insert trust with their victims to convince them to share sensitive data or provide credentials to access a system.

How to Recognize Red Flags

The best way to avoid phishing is to learn to recognize the red flags. Today’s threat actors are savvy and are very convincing. Top warning signs include:

  • It sounds too good to be true. Bottom line, if it sounds too good to be true, it’s probably a scam.
  • Encouraging clicking on hyperlinks. Sending unsolicited links is one of the primary ways cybercriminals lure their victims.
  • Directing you to download unsolicited attachments. An oldie, but goodie, but many phishing attacks are carried out once a user downloads an attachment.
  • Pushing urgent messages. Cybercriminals don’t want their victims to think, they want them to act. Many send messages of urgency to encourage panic, excitement, or other emotions that muddle careful thinking. A favorite tactic is an account is suspended or, ironically, “you’ve been hacked” messages.

Always treat communications from unusual or unknown senders with extreme caution. Sharing information can lead to a compromise of corporate assets, exposing data of customers and coworkers, locking of company files, and damage to a business’s reputation.

How to Avoid Phishing/What to Do if You Get Caught

To avoid falling victim to a phishing attempt, always be proactive. Users should always think before they click, stay up to date on new phishing techniques, use premium firewalls, always update browsers, install an anti-phishing toolbar, be wary of pop-ups, and to never share sensitive, proprietary, or personal data.

Fortunately, there are ways users can counter phishing scams if they get caught.

  • If a computer or device starts behaving strangely, disconnect from the internet immediately and turn off Wi-Fi.
  • Employees should notify IT ASAP if an incident occurs.
  • Delete downloaded software right away.
  • Run an antivirus scan.
  • Change passwords for emails, online accounts, and any other credentials.

Victims of phishing should report these attacks to the FBI’s Internet Crime Complaint Center (IC3). If your San Francisco Bay Area-based SMB needs protection from cybersecurity threats, such as phishing, contact Golden Gate Office Solutions today to speak with one of our IT specialists.