Wednesday, August 10

Phishing Scams: Don’t let your employees take the bait

In the context of the health crisis, mobile devices have changed the rules of the game for many organizations, and cybercriminals are fully aware that their use in a hybrid work environment is the weak point of companies and one of the perfect targets. to break into a corporate network.

According to researchers from Check Point, partner de Secure Solutions in your 2021 Mobile Security Report, at least 40% of mobile devices globally are inherently vulnerable to cyberattacks.

The phishing o Phishing is a popular attack vector for cybercriminals because it is simple and effective, as it is the simplest way to attack a user on the internet. In the business environment, one false click from an employee could bring down the entire company network and systems.

The attacker’s motivation “phisher”Is purely financial.

Their “hooks”Used are: email, text messages also known as smishing, phone calls or voice messages (vishing) and mobile applications.

Attackers send e-mails with a sense of urgency prompting the user to “take the bait”, clicking on a link to a fraudulent website to install malicious software (malware) on the device or steal information, or open a file to install it malicious code in it. They also employ phony phone calls or voice or text messages from phony sources with the aim of stealing confidential company information.

Through the large number of applications installed on mobile devices, cybercriminals also use social networks and fake applications to deceive their victims.

Educating users

Training for the awareness of the employees of the organizations is essential for them to understand the risks, identify signs of identity theft and report suspicious episodes to the technology areas of your company.

Next, Secure Solutions experts provide a series of recommendations to reduce the risk of phishing attacks:

Pay particular attention to unsolicited password reset emails. If you receive one of these, always visit the website directly without clicking the attached links.

Never share your credentials. Cybercriminals use different scams to try to steal passwords for both your personal and business accounts.

Fake websites: Analyze in detail the sites where they enter. When browsing sites that require the use of credentials, always validate that you are on the site with a secure and reliable digital certificate indicated with a padlock next to the URL and that it begins with https (security certificate) and not http .

Do not provide personal information such as bank details, credit cards, passwords or other confidential information. Serious companies never ask for this type of information through emails or voice and text messages.

Don’t open or download attachments that come from users you do not know or unsolicited users.