Phishing is a term used to describe fraudulent activity in which a malicious individual sends impersonated emails to companies with the intent to collect and steal data such as login credentials, bank or credit card information, etc.

When any email enters your inbox, the most important thing to remember is to keep the term “phishing” in mind and look for hidden red flags such as misspelled names, incorrect email addresses (Example: Employee@company.com vs. Employee@company.co), and bad grammar. These are warning signs that something may be ‘fishy’ about the email and that it is not legitimate. Do not click any URL links inside the email or provide any credentials, even if the email looks authentic! If you receive an email that you are leery of, it is critical to follow up directly with the organization; do not use any communication method that was provided in the email. For example, if you get an email that instructs you to click on a URL link to check an order status or an invoice, go directly to the company you purchased the item from instead of clicking the URL link provided in the email. If you accidentally click the malicious link, DO NOT give any credentials!

A widespread scenario to be aware of is when an employee receives an email that appears to come from an internal employee, such as someone in the Human Resources department, asking the user for credentials. The email appears to be from a legitimate employee who works in the HR department (maybe even a friend), and it is formatted with the correct company logo so that it genuinely looks like it came from that HR employee. Believing that their Human Resources representative is requesting this information, the targeted employee cooperates and provides the malicious hacker with all of their credentials. Scary, right? Unfortunately, these phishing emails happen to more than three out of four businesses because employers have not educated employees on the seriousness of this issue. The easiest way for a hacker to steal data is through an employee who is willing to give it to them without any hesitation. Educating employees on phishing is critical to protect every business!

At CTI Technology, we offer our clients a Phishing Software Campaign that sends out simulated, unannounced educational emails to teach employees and track whether they provide their credentials when a phishing email appears in their inbox. This helps businesses educate employees on the importance of differentiating real emails from fake ones.

Phishing tends to be more common during the holidays because consumers are purchasing more items online, so hackers pretend to be Amazon, eBay, or any favorite store that consumers shop at. Just remember to keep an eye out for unusual misspellings and bad grammar. If you have any suspicion that the email may be fraudulent, please contact the source directly; do not click on the URL link in the email or respond directly to that email, and most importantly DO NOT give any of your credentials. Be sure to create a new email to reach out to the source or make a phone call to verify the credibility. If you have any questions regarding phishing, please contact CTI Technology at 847-888-1900 for more information!