Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
This is not a new scheme, but it continues to be an effective one. According to Wombat Security, 85% of organizations have suffered phishing attacks and 30% of those emails get opened. According to Verizon, the number one delivery vehicle for malware is email attachments and the simple act of clicking a link in an email can leave your company exposed to dangerous activity on your network.
The easiest solution? Educate your employees to never click on links within emails that they don't trust or weren't expecting to receive. Attachments should only be downloaded from reputable sources. If possible type the URL you want to view into a browser rather than clicking the link provided in the email. Anything that requests personal information is most likely a scam. Reputable companies will not ask for sensitive information through insecure channels such as email.
Phishing emails are often written to make you feel threatened or scare you into providing information. Messages such as "Our records indicate that your account was overcharged. You must call us within 7 days to receive a refund," provide a level of urgency that you feel you must address. It's important to not take the bait and click on any links or call provided phone numbers that might open you up to provide personal information that can be used against you.
The Federal Trade Commission offers tips for dealing with phishing scams, action steps to take to avoid phishing attacks and how to report phishing emails on its website. Check it out to get better educated and remember always, "Think before you click!"