Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises in order to obtain sensitive information such as usernames, passwords, and credit card details and, indirectly, money. These are done for malicious reasons, by disguising as a trustworthy entity to trick recipients into responding or clicking immediately, by claiming they will lose something, for example; email or bank account. Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via email.
A recent phishing scam targeted Gmail users, seeking to gain control of their entire email histories and spread itself to all of their contacts. The worm — which arrived in users’ inboxes posing as an email from a trusted contact — asked users to check out an attached “Google Docs,” or GDocs, file. Clicking on the link took them to a real Google security page, where users were asked to give permission for the fake app, posing as GDocs, to manage users’ email account. To make matters worse, the worm also sent itself out to all of the affected users’ contacts — Gmail or otherwise — reproducing itself hundreds of times any time a single user fell for it. Unfortunately, phishing scams like this one are not uncommon.
How do you keep yourself and your business safe from phishing scams?
The single biggest defense is education. Training your employees to be constantly wary of all the emails they receive. Some firms are educating their employees by sending out their own “fake” phishing scams. Employees who click on the link inside are greeted with a notice that they’ve fallen for a phishing scam and then are offered tips how not to be fooled in the future. Think of it as the hi-tech version of Punk’d. You may not be ready to go that far, but it is important to provide ongoing training to all of your staff about phishing scams
ASK can help protect your business against phishing scams with our Enhanced Security Services Phishing Campaign. We provide your organization with a real world phishing vulnerability assessment. Performed as a single or recurring engagement, we can customize a campaign to fit your needs. Learn more about it here.
FOR MORE INFORMATION ABOUT ASK
To learn more about ASK’s cyber security services and how we can help your business take the hassle out of technology, contact us today!