Phishing scams have been prevalent for a while, but since the SVB crash, they’ve been on the rise. Threat actors are looking to cash in on the misfortune, preying on the lack of awareness around cybersecurity threats and the sensitivity of the situation.

Every company, regardless of size, is a target for threat actors. At Hill Country Tech Guys, we received an email from a well-known company asking us to update our account information ASAP due to the SVB crash. The message included several ways we could make payments with them directly.

The problem is our company doesn’t do business with this company. HCTG requires our employees to complete frequent phishing training and simulated phishing attacks to ensure our workforce spots potential threats quickly and responds appropriately. In this instance, that training worked precisely as intended.

Phishing is something every business should be taking very seriously right now.

Tips to spot phishing scams

Some phishing scams are apparent and easy to catch, but they’re evolving with technology and becoming a more significant threat.

  1. Always ensure you know the sender – If you get an email from someone asking you to grant access to something or update your payment or personal information, ensure you know the sender.
  2. Check for obvious typos and misspellings – typos and misspellings are a key indicator that you’re dealing with fraud. Yes, legitimate typos do happen in copy often. Look at company names, sender addresses, and body text. You are likely to find these within poor phishing attempts. Check the logo to ensure it’s the current company logo. If the logo looks wrong, go check the company’s website. Threat actors will search the web, download a logo, and paste it into emails to look legit. Sometimes they accidentally use an old one.
  3. Be sure the sender address is correct – threat actors often create email addresses that look very similar to the real thing. This is how they make you feel safe. Sometimes they change just one letter or character to fool you.
  4. Ask – if you get an email from Laura in HR (if you haven’t seen her Instagram, you’re missing out) asking you to update your banking information, and you know that banking info is generally updated in your employee portal or at the employee’s request, this should raise a red flag. The easiest way to verify this is to reach out directly to Laura and ask. Please note this does not mean replying to the email. Walk over or pick up the phone and call to verify that she truly sent you that message.
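
Tip 3 can be partly automated in a mail triage script. The Python sketch below is an added example, not part of the original post: it flags sender domains that sit within a character or two of a domain you actually do business with. The domain list, function names and distance threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Assumption: domains your company really does business with (constructed values).
KNOWN_DOMAINS = {"bigvendor.example", "payroll.example"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header, known=KNOWN_DOMAINS, max_distance=2):
    """Classify a From header as 'known', 'lookalike', 'unknown' or 'malformed'.

    Returns (verdict, detail). For a lookalike, detail is the known domain
    being imitated or a short reason string.
    """
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("malformed", None)
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if not domain:
        return ("malformed", None)
    if domain in known:
        return ("known", domain)
    # Non-ASCII or punycode labels can hide look-alike characters.
    if not domain.isascii() or any(p.startswith("xn--") for p in domain.split(".")):
        return ("lookalike", "non-ASCII or punycode domain")
    # Sorted so that ties resolve the same way on every run.
    nearest = min(sorted(known), key=lambda k: edit_distance(domain, k))
    if edit_distance(domain, nearest) <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", domain)


if __name__ == "__main__":
    # Constructed sample headers: a real partner, a one-character swap, a stranger.
    for hdr in ('"Big Vendor Billing" <billing@bigvendor.example>',
                '"Big Vendor Billing" <billing@bigvend0r.example>',
                "News <news@unrelated-newsletter.example>"):
        print(hdr, "->", classify_sender(hdr))
```

A "known" verdict only means the domain string matches; it does not prove the message was really sent from that domain, so the call-back check in tip 4 still applies.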

What to do if you suspect you’ve become a victim of phishing

How to train employees on phishing scams and other cyber-threats

Training employees to spot phishing scams and other cyber threats is a must. Your IT team should be able to provide you with the best solutions for cyber awareness training. Some companies provide premade training modules and assessments at a per-user cost. If you use an MSP, ask them about finding the right solution for training your workforce. Call Hill Country Tech Guys today if you need a good MSP or want to know more about phishing scams and cybersecurity training.
