Directive Blogs
The Simplest Trick to Avoiding 95% of Phishing and Text Scams
It’s easy to get so caught up in what you are doing that you let your guard down. What if there were just one small change you could make in your life that would immediately reduce the chances of falling victim to a phishing attack?
Remind Me, What’s a Phishing Attack?
A phishing attack is when you get sent an email or text message that might look legitimate, but is designed to trick you into handing over sensitive information or downloading malware.
Right now, it’s the number one way most cyberattacks are initiated for small businesses, and because it works so well (for the cybercriminals), it’s likely going to continue to be common.
We’ve talked about how phishing and similar scams have affected the area in the past.
We also have a really great guide on how to spot a fraudulent phishing attack that you can download and share with your staff.
But there is a lot to think about when you are going through your emails. Even though it should only take 10-20 seconds to look through an email to see if it’s legitimate or if it’s a phishing scam, when you multiply that by the dozens or hundreds of emails you get each day, that’s a lot of time!
It’s mentally exhausting!
Fortunately, if you focus on building this one single habit, you’ll avoid just about every phishing attempt.
Just Don’t Click (or Tap) on Links or Attachments
It’s that simple.
So far, cybercriminals really need you to click on a link or download an attachment to harm you. If you decide that, starting today, you will not click on links or download email attachments, you’ll be safe from the most common cyberattack vector of all time.
Starting now, force yourself to take an “I’m not touching that” approach to all emails and text messages. It will take a little time to get used to it, but trust us—this is the way to go.
I know what you might be thinking, “Wait, I get a lot of email correspondence where someone needs to send me an attachment or send me to a site.”
You certainly do. Most websites don’t let you finish making an account without validating your email address. If you reset your password on a website, it will likely send you a link to click on to authenticate you. Heck, we send out monthly enewsletters and tips and other mailers all the time that drive you back to our website.
I’m not even going to list out all the dozens and dozens of other exceptions you might need to make. In fact, you should only really have one major exception that grants you clearance to click a link in an email: you were expecting it.
That’s it. You asked for it, you requested it, you were told you were going to get it by someone you trust.
If you didn’t expect it, you shouldn’t trust it.
It doesn’t matter if it’s your bank, your business partner, Microsoft, or your grandmother. If you weren’t expecting it, your gut reaction should be to avoid clicking it.
Let’s look at a real-world scenario:
PayPal Just Texted Me and Told Me My Account Was Suspended
You get a text out of nowhere that says something along the lines of “ALERT: PayPal has noticed unusual activity and has suspended your account. For your safety, confirm your identity here:” and then it gives you a link.
With your new “I’m not touching that” approach to links in emails and texts, you can absorb the information and act rationally. Ignore the link in the text message. Open your web browser and go to PayPal the same way you do all the other times. Log into PayPal just like you would normally, and see if there is anything about the account. Chances are, you haven’t updated your password in a few months, so use the opportunity to update your PayPal password.
There’s no need to click that link. It’s likely a scam, but you just took the correct steps to verify without putting yourself at risk.
Let’s do another:
My Vendor Just Sent Me an Email Requesting Me to Update My Credit Card Info
Basically the same deal—you get an email that says your payment information is out of date, and a link to the vendor’s payment portal, or maybe an attached PDF.
Instead of bothering with the link or PDF, take the opportunity to call the vendor. Unless you were expecting it, or you are willing to take the thirty seconds to carefully verify the validity of the email by using our downloadable guide, just get confirmation.
The same goes for correspondence with a customer, a business partner, a prospect, and yes, even your own mother. I bet she’d love a phone call from you rather than an email response anyway.
Don’t Trust an Email Unless You Were Expecting It
If you train your gut reaction to avoid clicking on things first, you’ll save yourself a lot of time and headache, and build better communication habits. Encourage the people you work with to share these habits with you, and before long, we may be able to stamp out the threat of phishing attacks together.