Cybersecurity Awareness Month: Phishing

October is Cybersecurity Awareness Month, and ITonDemand is here to support you throughout the month with extra cybersecurity-related content. Phishing has been an ongoing challenge for organizations worldwide. Even with decades of advancements, 15% of malicious attachments and links aren’t blocked by endpoint security. That means people still need to be mindful of what they download and what links they click.

What Is Phishing?

Phishing is a type of cyberattack where scammers try to steal personal information, like passwords or credit card details. This often happens through fake emails, messages, or phone calls that look like they’re from a legitimate company, like a bank or online service. As a tech leader, Microsoft is the brand imitated in 57% of branded phishing attacks. These attacks often lead to identity theft or financial loss.

Common Signs of a Phishing Attempt

Not every phishing attempt is obvious, especially with some scammers using AI tools like WormGPT to write more convincing scam messages. Even so, here are some common signs of a phishing attempt:

  • Urgent language: Phishing messages often pressure you to act quickly, such as by saying your account will be locked or by demanding money, especially in the form of gift cards.
  • Spelling and grammar mistakes: Legitimate companies usually proofread their messages and use a professional tone. Major or frequent errors can be a red flag.
  • Suspicious sender email: The email address might look strange or not match the person or company it’s claiming to be from.
  • Unusual links or attachments: The message may contain odd links or attachments you didn’t expect.
  • Requests for personal information: Reputable companies rarely ask for sensitive details like passwords or credit card numbers through email or text.

These signs can help you spot phishing attempts and avoid falling for them. When in doubt, always lean towards caution and never freely give out sensitive information.

Tips for Protecting Yourself Against Phishing Attacks

Phishing attacks continue to evolve, with cybercriminals finding new ways to exploit unsuspecting users. Considering that 70% of employees admit to risky behavior, it’s more important than ever for people to adopt safer habits to protect themselves. Here are some essential tips to stay safer:

  • Validate identities: Always confirm the identity of anyone requesting personal information, whether through email, phone, or text. Contact the company directly using official contact details, not those provided in the suspicious message.
  • Think before clicking: Hover over links to see the actual web address before clicking. Phishing links often disguise themselves to look legitimate but lead to harmful sites. If unsure, go directly to the website instead.
  • Don’t share personal information: Legitimate organizations rarely ask for sensitive information like passwords or financial details through email or text. If you receive such a request, it’s likely a scam.
  • Use multi-factor authentication (MFA): Adding an extra layer of security, like a code or fingerprint, ensures that even if someone gets your password, they can’t access your account without the second factor.
  • Limit what you share online: Scammers can use details you post publicly, like your birthday or email, to target you in phishing attacks. Be mindful of the information you share on social media and other platforms.
  • Keep software updated: Regular updates include security patches that protect against new vulnerabilities. Failing to update your software can leave your device open to attacks.
  • Don’t rush to respond: Phishing messages often try to create urgency to make you act quickly. Always take a moment to verify the request and think critically before providing any information.

Following these tips can greatly reduce the risk of falling victim to phishing scams. Always take the time to verify requests for personal information and stay cautious when interacting with unfamiliar messages or links. Your cybersecurity awareness is your best defense.

Steps To Take If You’ve Fallen for a Phishing Attack

If you’ve fallen for a phishing attempt, you must act quickly.

1. Disconnect Device From the Internet

If you downloaded malware, whether through clicking a link or an attachment, cut the internet connection immediately by turning off Wi-Fi or unplugging any network cables. This prevents the malware from spreading further. You can skip this step if you haven’t downloaded anything.

2. Change Account Passwords

Prioritize changing passwords for sensitive accounts like email, banking, and social media. Use a separate, unaffected device for this. Ensure passwords are strong (combining letters, numbers, and symbols) and enable multi-factor authentication for extra security.

3. Notify Your Workplace

If you’ve accessed work data or networks from the affected device or know one of your accounts may have been accessed, immediately alert your IT team. Early notification helps contain potential breaches and allows IT to secure company systems.

4. Inform Others Potentially Impacted

Notify relevant parties if their information was exposed. That includes banks (to monitor or freeze accounts) and contacts if they might receive phishing attempts using your details.

5. Report the Phishing Attack

File a report with the FBI’s Internet Crime Complaint Center (IC3) and the Federal Trade Commission at IdentityTheft.gov. Reporting helps authorities track phishing campaigns and warn others.

6. Run Malware and Antivirus Scans

Use updated antivirus software to scan your device for malware. Afterward, ensure your operating system, apps, and firmware are fully updated to patch vulnerabilities the malware may have exploited.

7. Monitor Accounts Long-Term

Continue monitoring accounts for unauthorized activity. Set up alerts for suspicious logins or unusual transactions. Consider adding fraud alerts to credit reports or using a credit monitoring service.

8. Review and Learn From the Incident

Take time to reflect on how the attack happened. Identify red flags that you may have missed. Don’t be too hard on yourself; treat it as a learning experience so you’re more prepared for the next time.

Easily Spot Phishing With Our Phishing Infographic

Want a quick reference for spotting phishing scams? Our phishing infographic includes essential tips to help you quickly identify suspicious messages and stay safe online. Keep it handy to protect your personal information from common attempts.
