Phishing attacks are becoming more dangerous these days. Before, scammers only targeted email accounts and scams were much easier to spot. Phishing attacks today also involve cybercriminals sending text messages and making phone calls to steal your confidential information.
How do you know if your California business is safe from phishing scams? Taking this quiz can help you find out.
Each question is designed to test your business’s readiness to respond to a phishing attack. At the end of this quiz, you should be better able to spot phishing scams.
Question #1:
What do you do when you receive the following email?
Do you…
A. Click on the link and log in
B. Not click on the link and report it
C. Take no action
Correct answer: B. Not click on the link and report it
Phishing emails typically indicate that suspicious activity was detected on the recipient’s account, and it would be suspended if the recipient doesn’t verify their identity. In truth, such links lead to a fraudulent page made to look like it came from a legitimate company to trick you into providing your login credentials.
Companies like Bank of America, eBay, Wells Fargo, or any legitimate company will never ask you to click on a link to verify your account. One way to check if a link is legitimate is to hover your mouse cursor over it. If it links to a suspicious URL like “www.googleaccount-verify-login.com[.]xyz,” delete the email immediately.
Question #2:
You receive a text message purporting to be from Walmart saying you won $1 million. To claim the prize, you need to visit “www.walmart-promo-prize[.]gq” and provide your personal information. What do you do?
A. Take no action
B. Click on the link to claim the prize
C. Flag it as a phishing scam and delete it
Correct answer: C. Flag it as a phishing scam and delete it
More people are using their mobile devices as a productivity tool, which is why cybercriminals are using text-targeted phishing scams called SMS phishing, or smishing.
In this scheme, scammers send out a bulk text message claiming that you have won a prize or your bank account has been compromised. Recipients are prompted to open a suspicious link that asks for their personal information. Be vigilant when you receive these types of messages. If you didn’t join any contest, getting an SMS saying you’ve won a prize should raise your suspicion.
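The hover check from Question #1 can also be done mechanically: take the hostname out of the link and compare it with the domains the brand actually uses. The sketch below is an added example, not part of the original quiz; the `TRUSTED` allowlist and the function names are assumptions made for the illustration, and it is run on the two defanged links quoted above.

```python
from urllib.parse import urlsplit

# Assumed allowlist (constructed for this example): domains each brand really uses.
TRUSTED = {
    "google": {"google.com"},
    "walmart": {"walmart.com"},
}

def hostname_of(link):
    """Return the lowercase hostname of a link; accepts defanged '[.]' and a missing scheme."""
    link = link.strip().replace("[.]", ".")
    if "://" not in link:
        link = "http://" + link
    try:
        host = urlsplit(link).hostname or ""
    except ValueError:          # malformed authority, e.g. stray brackets
        return ""
    return host.rstrip(".").lower()

def on_trusted_domain(host, domains):
    """True only for the domain itself or a subdomain of it (dot boundary enforced)."""
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(link):
    """Classify a link as 'trusted', 'lookalike', 'unknown' or 'invalid'."""
    host = hostname_of(link)
    if not host:
        return "invalid"
    if any(on_trusted_domain(host, doms) for doms in TRUSTED.values()):
        return "trusted"
    # A brand name in the hostname without the brand's domain is the phishing pattern.
    if any(brand in host for brand in TRUSTED):
        return "lookalike"
    return "unknown"

if __name__ == "__main__":
    samples = [
        "www.googleaccount-verify-login.com[.]xyz",   # from Question #1
        "www.walmart-promo-prize[.]gq",               # from Question #2
        "https://accounts.google.com/signin",         # constructed: genuine subdomain
        "https://google.com.login.example/verify",    # constructed: brand as a left-hand label
        "https://www.walmart.com@example.net/prize",  # constructed: brand in the userinfo part
    ]
    for s in samples:
        print(f"{classify(s):10} {hostname_of(s)}")
```

The comparison is anchored at the right-hand end of the hostname, which is why `google.com.login.example` is not treated as Google, and why the text before an `@` is ignored.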
Question #3:
You are the head of the finance department in your company. What do you do upon receiving an email supposedly from your company’s CEO making the following request?
Do you…
A. Take no action
B. Verify its authenticity first
C. Wire the money
Correct answer: B. Verify its authenticity first
The email above is a typical example of a business email compromise (BEC) attack, or an attack that targets businesses that regularly perform wire transfer payments. It compromises or imitates official business accounts to conduct fraudulent transactions.
BEC scams can be tricky to spot, because they bypass spam filters and antivirus software. In the above example, the attacker has compromised the company CEO’s email account and used it to send out the request. Since the email came from a legitimate address, the recipient’s suspicions are lowered, so they’re more likely to comply with the request.
This is why it’s always important to verify requests for sensitive transactions such as wire transfers. Request an in-person meeting or call the person to verify the request. Encourage all employees to enable multifactor authentication (MFA), so even if a hacker steals an employee’s login credentials, they won’t be able to log in without fulfilling the next security steps.
Question #4:
You receive a call from someone claiming to be from “Windows Technical Support” saying they found viruses on your PC and they need to access your computer to fix the problem. What do you do?
A. Allow them to connect to the PC
B. Ignore the request and drop the call
C. Take no action
Correct answer: B. Ignore the request and drop the call
This technique is known as voice phishing, or vishing, in which cybercriminals make phone calls purporting to be from legitimate companies to steal personal and company information.
If the user in the above example allows the hacker to connect to their PC, the hacker will easily be able to hack into the user’s system.
To prevent falling prey to vishing attacks, always verify the authenticity of phone calls and be suspicious of callers that request your login credentials. Security companies will never call you to change your login credentials or tell you that your computer is infected with viruses.
Question #5:
What do you do when you receive the following email?
Do you…
A. Download the file and open it
B. Reply to the email
C. Ignore and delete the email
Correct answer: C. Ignore and delete the email
This is a phishing email. You can see that it contains multiple grammatical errors. The attachment is also an executable file disguised as a PDF file, which could install malware such as keyloggers and spyware if launched on the victim’s computer.
Cybercriminals are taking advantage of the coronavirus pandemic to launch phishing scams, so be vigilant with suspicious emails. Inspect the contents of emails thoroughly, do not give out confidential information, use MFA, and stick to verified sources.
How did you do?
4–5 correct answers: Congratulations! You know how to handle phishing attacks.
2–3 correct answers: You have a good grasp of preventing phishing attacks, but there’s more to learn!
0–1 correct answer: You may need to do better in protecting your business from phishing attacks.
No one can protect your business against cyberthreats like phishing scams better than ERGOS can. We will provide your business with 360-degree protection so you don’t have to worry about security issues again. Learn more about what we can do for you by downloading our free eBook. And once you’re done, contact us.
Our free eBook: 3 ESSENTIAL TYPES OF CYBER SECURITY SOLUTIONS YOUR BUSINESS MUST HAVE covers a comprehensive list of affordable cyber security solutions to keep your business safe from malware and data breaches in a time when doing so seems impossible.