October is Cybersecurity Awareness Month, and Alta Pro is doing its part by bringing you best practices for staying safe and secure.
This is the final post in our four-part Cybersecurity Awareness Checklist series. This post will show you how to detect and prevent phishing attacks.
“Phishing is when criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment,” says the National Institute of Standards and Technology. “If you click on a phishing link or file, you can hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device. No need to fear your inbox, though. It’s easy to avoid a scam email, but only once you know what to look for. With some knowledge, you can outsmart the phishers every day.”
The NIST has identified four areas of emphasis for Cybersecurity Awareness Month 2022:
- Enabling multi-factor authentication
- Using strong passwords and a password manager
- Updating software
- Recognizing and reporting phishing
Alta Pro Insurance Services keeps you informed on cutting-edge issues that affect your practice. Every week the Pro Practice Blog posts timely and topical dispatches from the risk management front lines. We spot looming risks – like the possibilities and potential perils of cryptocurrency – and give you advance warning. We identify promising trends – like Micro Self-Care, Cybersecurity Ethics, and the One-Page Business Plan – and give you the inside scoop. We bring you live CLE webinars on topics you request, most recently “Managing a Law Practice in Uncertain Times.” Please let us know how we can help your professional practice minimize risk and maximize reward. We’re here for you.
Cybersecurity Awareness Checklist, Part 4
Phishing
The following is from the National Institute of Standards and Technology:
- Spot the red flags. “The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds (like literally 4 seconds) and ensure the email looks legit.”
- Know the most common phishing scams:
- Does the email contain an offer that’s too good to be true?
- Does it include language that’s urgent, alarming, or threatening?
- Is it poorly crafted writing riddled with misspellings and bad grammar?
- Is the greeting ambiguous or very generic?
- Does it include requests to send personal information?
- Does it stress an urgency to click on an unfamiliar hyperlinks or attachment?
- Is it a strange or abrupt business request?
- Does the sender’s e-mail address match the company it’s coming from?
- Does it have little misspellings like pavpal.com or anazon.com?
- Know how to respond. “Uh oh! I see a phishing email. What do I do? Don’t worry, you’ve already done the hard part, which is recognizing that an email is fake and part of a criminal’s phishing expedition. If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible. If the email came to your personal email address, don’t do what it says. Do not click on any links – even the unsubscribe link – or reply back to the email. Just use that delete button. Remember, DON’T CLICK ON LINKS, JUST DELETE.”
Some Ways to Block Scammers
Block a sender on Outlook
Block a sender on Gmail.
Block a sender on Mac Mail.
Block a sender on Yahoo! Mail
Here’s How to Report a Phishing Attempt
Report a phish on Outlook.
Report a phish on Gmail.
Report a phish on Mac Mail.
Report a phishing attempt to CISA here: https://www.cisa.gov/uscert/report-phishing
“Another great resource is the Anti-Phishing Working Group (APWG), which collects an immense amount of data about phishing attempts. You can send a report to APWG, which adds to their database, all with the goal of helping to stop phishing and fraud in the future.”
Source: NIST
Do you practice in Wisconsin, Texas, Minnesota, Ohio, Illinois, Indiana or Michigan? Is your professional liability coverage managed through Alta Pro? If so, you’re automatically a member of the Alta Pro Risk Purchasing Group (RPG), which offers a wealth of benefits for your practice: free, cutting-edge CLE webinars featuring top experts tackling timely topics; the Pro Practice Playbook; the Pro Practice Blog; Reminger’s ProLink risk management assistance; Reminger’s Claim Repair Hotline; discounts on CLIO practice management software; tax savings on health insurance; and access to the Risk Pro, who can help keep your firm safe and successful. Register here and start enjoying your Alta Pro RPG benefits.