Top 2020 Phishing Threats and How to Dodge Them
2020 has been quite a year thus far. Alongside record alcohol sales, cybercrime is also at an all-time high. As we have discussed in the past, 91% of breaches begin with a phishing attempt, and we have seen phishing attempts increase by 600% since January. To avoid these tricky phishing schemes, we need to understand what to watch for. We know that COVID-19 phishing attacks are on the rise, but don't let that fact make you complacent. Let's take a look at the top trending phishing attacks in 2020.
Human Resources rules and regulations: This sneaky attempt preys on obligation. Employees know that they need to click to read newly issued HR rules and especially rules of conduct. We all are aware that the HR team will track you down until the task is completed. What seems like a mundane task to prevent harassment in the workplace has quickly turned into one of the top phishing attacks of 2020.
Notification of Scheduled Server Maintenance: This phishing attempt uses the knowledge that we all need to know if there will be any server downtime. Employees will quickly click on these links to plan out their workdays around said outages, especially with many companies working from home. But know this: Pendello Solutions will always send server maintenance notices from a Pendello-verified email address, and we will never update servers during business hours. If a notification asks you to click on a link to view the server maintenance schedule, you can rest assured that it is bogus.
New Email System Test: We all want to be helpful. We will especially comply if it only requires one quick click. Unfortunately, that simple click can lead to malware being loaded onto your system.
Notification on a secured document: The lure of a secured document gives employees ample reason to access a document by a less-than-typical route. Phishing criminals can get employees to enter passwords or adjust security settings to comply with the instructions, even when the request seems unusual.
Social Media Message: With the increase in LinkedIn popularity throughout 2020, scammers are preying on FOMO (fear of missing out). You may receive a notification that you have unread messages on LinkedIn. Scammers know that many jobs have been cut back or even eliminated, and so they are capitalizing on FOMO specifically within the workplace.
How to Dodge the Bullet...
Always think before you click: Many times the most basic messages are the "best" phishing attempts. Be vigilant. Look for spelling mistakes, software your company doesn't use, or terminology that seems foreign. If anything appears questionable, then it is probably bogus.
If you question anything, check with the sender: Verifying is the name of the game, but do not verify by clicking reply. Be sure to message the sender through your internal messaging system or pick up the phone.
Closely examine before you click: Many phishing attempts are well written, so we must examine emails closely, because the criminals must rely on hacked websites or temporary cloud services to host their bogus phishing webpages. Instead of clicking on the link, hover over it and verify that the website is legitimate.
Always report anything suspicious: Just like Officer McGruff said, "Help Take a Bite Out of Crime." Phishing scammers send these attack attempts out to the masses. If you get in the habit of reporting all suspicious activity, you can easily help your organization dodge one of these costly attacks.
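For teams that triage reported emails, the hover check described above can be automated. The following is an added example, not code from Pendello Solutions: it compares the address a link displays with the host it actually opens, and flags hosts outside an expected list. The trusted domains and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: trusted domains are hypothetical; SAMPLE is a constructed email body.
TRUSTED_DOMAINS = {"example.com", "linkedin.com"}
SAMPLE = """<p>You have 3 unread messages.</p>
<a href="http://linkedin.com.account-check.example.net/login">www.linkedin.com/messages</a>
<a href="https://files.example.org/maintenance">View the server maintenance schedule</a>
<a href="https://www.linkedin.com/help">LinkedIn Help</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lowercase hostname of a URL ('' if it cannot be parsed)."""
    try:
        return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
    except ValueError:
        return ""

def text_host(text):
    """Hostname the visible text claims, or '' when the text is not URL-like."""
    return host_of(text) if len(text.split()) == 1 and "." in text else ""

def suspicious_links(html_body):
    """Return (href, reason) for each link that fails the hover check."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        real, shown = host_of(href), text_host(text)
        if shown and shown != real:
            findings.append((href, f"text shows {shown}, link goes to {real}"))
        elif not any(real == d or real.endswith("." + d) for d in TRUSTED_DOMAINS):
            findings.append((href, f"{real} is not an expected domain"))
    return findings
```

Calling `suspicious_links(SAMPLE)` flags the first two links and passes the third. The trusted-domain comparison matches the end of the hostname, which is why a host that merely starts with a familiar name is still flagged.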
Phishing attempts are incredibly sneaky. We all must be vigilant all the time when it comes to cybersecurity. Additionally, always trust your gut. If something seems "phishy," resist the click. Contact your experienced Pendello Solutions team and allow us to investigate before it is too late.