Phishing attacks are becoming more prevalent today. In fact, according to a recent study, 90% of all current data breaches are linked to phishing. And it’s not just large enterprises that get hit by phishing attacks, as small- and medium-sized businesses are just as vulnerable.
It’s therefore important for your organization to stay safe from phishing scams. To help you know if your organization is protected, take our short quiz. Each question will test your knowledge when it comes to phishing attacks.
1. Which of the following statements is correct?
A. If your IT department messages you to ask for your company email password, you should never give it out unless it’s an emergency.
B. If you receive an email from someone you know, it’s safe to provide any information that they’re requesting.
C. If you receive an email from Human Resources asking you to provide personal information, you should verify the authenticity of the email first.
Correct answer: C. If you receive an email from Human Resources asking you to provide personal information, you should verify the authenticity of the email first.
Phishing emails typically appear to come from trusted entities like colleagues, banks, or business partners to gain the victim’s trust. This is because cybercriminals know that people are more likely to respond to an email if it came from a trusted source.
Therefore, it’s important to always verify the authenticity of an email before taking any action, especially if the email involves private information and business assets.
2. Your bank sent you a text message asking you to click on a link to renew your password due to suspicious activity. What should you do?
A. Click on the link. If it takes you to the bank’s website, then the request is legitimate.
B. Verify the request by calling the bank through a known number.
C. Reply to the text message to confirm that you really need to renew your password.
Correct answer: B. Verify the request by calling the bank through a known number.
The scenario above is an example of a text message-based phishing scam, called SMS phishing or smishing. In this attack, scammers send out a bulk text message claiming that the recipient’s bank account has been compromised or that they have won a prize. Recipients are then prompted to open a suspicious link that asks for their login credentials or personal information.
Be vigilant when receiving these types of messages. Always verify the legitimacy of text messages you receive before clicking on links or replying to them.
3. You head the finance department in your organization and receive the following email, supposedly from your CEO. What do you do?
Subject: URGENT: MONEY TRANSFER
Hello [your name],
Please wire $1,000 to my bank account immediately. I am currently not in the office and need to complete some transactions.
Kindly keep this confidential. Your help is greatly appreciated.
A. Reply to the email and ask for more information
B. Call the CEO’s known number to verify the request
C. Wire the money immediately
Correct answer: B. Call the CEO’s known number to verify the request
The above email is an example of a business email compromise (BEC) attack. This attack targets businesses that regularly perform wire transfer payments. Cybercriminals compromise or imitate official business accounts to conduct fraudulent transactions.
BEC scams can be difficult to identify as they appear authentic and can bypass antivirus and spam filters. An attacker can even compromise an employee’s email account to make a request. Since the message came from a legitimate address, the recipient may comply with the request.
Therefore, always verify requests for sensitive transactions. Call the person or request an in-person meeting to verify the request. Require all employees to enable multifactor authentication, so even if a hacker steals an employee’s login credentials, they won’t be able to log in without fulfilling the next security steps.
4. Someone who claims to be from the government calls you to verify personal identification details. The caller threatens to take legal action if you refuse to comply. What do you do?
A. Ask about the legal actions
B. Verify your personal information
C. Drop the call and do nothing
Correct answer: C. Drop the call and do nothing
This scam is known as voice phishing or vishing. In this attack, cybercriminals make phone calls purporting to be from legitimate companies and government agencies to steal personal and company information.
As in the scenario above, threat actors create a sense of urgency to pressure victims into complying with their demands. If you provide the information requested, scammers can easily steal your personal and business information for their own gain.
If you suspect that a call is a vishing scam, hang up immediately and do not comply with the caller’s requests. If you’re unsure, look up the company or agency’s official phone number and call them back.
5. If you fall victim to a phishing scam, what should you do immediately?
A. Report the incident to your IT team
B. Notify your company’s senior management
C. Do nothing
Correct answer: A. Report the incident to your IT team
By reporting the incident, your IT team can determine if your account has been compromised. They can also help you take the necessary steps to limit the damage, such as immediately changing the password and enabling multifactor authentication. They will also be able to guide you on the steps you need to take to protect your account, such as refraining from opening suspicious links and attachments.
What’s your score?
4–5 correct answers: Well done! You know how to handle phishing attacks.
2–3 correct answers: You have some knowledge of phishing attacks, but there’s room for improvement.
0–1 correct answer: You need to do better to be able to protect your business from phishing attacks.
Need the best protection against phishing attacks and other cyberthreats? Look no further than Founders Technology Group. We will protect your business from threats using powerful anti-spam and antivirus software, user authentication, firewalls, and more. Book your complimentary IT consultation with us today.