Phishing is a method cyber criminals use to gain an individual’s personal information.
Phishing emails are created to appear as though they come from a legitimate organization or individual. The most commonly used scams are fraudulent emails from banks, credit card companies, and other financial institutions. They often have a distressing subject line, stating, for example, “Problem With Your Account” or “Fraud Protection Alert.”
Typically, it is not the email itself, but an attached document that contains the malware. Users should think twice about opening any attachment regardless of who may have sent them the email.
Gone are the days of easily recognized phishing emails full of spelling errors, grammatical mistakes, and typos. Employees, including executives, need to know how to recognize a phishing email, including sophisticated phishing scams, and what to do when they receive one.
Encourage employees to carefully examine any email that asks for passwords or personal information, because most organizations do not request this information via email. Do not click on any link in an email that you are suspicious of; instead, hover your mouse over the link, which will often display the actual web address associated with the link. If the link does not direct you to the legitimate domain of the business, the email is most likely fraudulent.
If an employee receives such an email, make sure they know to report it immediately. Reports of phishing emails should be circulated to all employees to keep them aware that the threat is always present.
Even if the email looks to be sent from a known person, always confirm with the person or organization before providing personal information or downloading a file you did not request.
APEI has updated and improved its cyber liability coverage. Please contact your broker or APEI to discuss your entity’s coverage. Training on cyber liability and cyber protection is also available through APEI’s Loss Control program.