Don’t get caught! Five ways to avoid a phishing scam

I love to spend time with my family. Some of our favorite outdoor activities include skiing and mountain biking. Unfortunately, this time of year it is hard to do either activity because the snow is too slushy to ski and the canyon trails are too muddy to mountain bike. However, there’s one activity that my family can enjoy this time of year… fishing!

Early spring is one of the best times to go fishing because of ice-off. Ice-off is when the warm weather of spring melts the ice from the shore, causing the ice to recede rapidly. Because the fish have been dormant for six months, they begin to move to the shallow water to feed, taking almost any bait you throw at them. As the weather continues to warm, the ice disappears and the fish swim to deeper water for safety. As the season progresses, the fish become more aware of the lures being thrown at them and it becomes more difficult to catch a fish.

What is Phishing?

Like fish during ice-off, we can quickly be caught in a “phishing” scam if we don’t have the correct training to identify these “deceptive lures” and the security in place to protect our data.

Phishing is the art of sending mass emails with a common theme that attempt to trick users into clicking a link, which gives the sender access to personal information and data. You might notice that these phishing emails look like they come from a reputable source, but that is a tactic used to persuade individuals to reveal personal information. As technology evolves, so does the sophistication of these phishing attacks. It is no longer a matter of if you receive a phishing email but when you receive a phishing email.

Nobody wants to fall prey to a phishing scam. Fortunately, there are safeguards you can put in place to avoid becoming a victim. Here are three quick “gut check” guidelines to spot a phishing email.

How to spot a phishing email:
  1. Check for any spelling, punctuation, or grammatical errors.
  2. Does the email ask for personal information or request a quick favor?
  3. Is the email unexpected? Does it ask you to do something out of the ordinary?

If you receive an email that fits any of the categories above or the email just doesn’t seem to add up, it is likely a phishing email. Once you have identified the email as phony, you should blacklist the sender and delete it immediately.

This last month I received an email from someone claiming to be the President of HIPAA One and requesting that I purchase Amazon gift cards as a bonus for our employees. Even though the email looked like it came from Steven Marco, our President, the email address did not actually match his email. Additionally, there were multiple spelling, punctuation, and grammatical errors in the email. This email was easy to spot as a phony, but I might not be so lucky next time. It is important to be aware of current phishing techniques and have a plan in case an email link is accidentally opened, possibly compromising data.
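The two signals in the email described above, a familiar display name on an address that is not that person's and a request such as gift cards, can also be checked automatically. The Python script below is an added example, not part of the original post; the directory entry, addresses, keyword list and sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed directory: people likely to be impersonated -> their real addresses.
# The name and addresses are constructed placeholders.
KNOWN_SENDERS = {"pat example": {"pat.example@example.com"}}

# Assumed phrases for the "quick favor / personal information" lure.
LURE_PHRASES = ("gift card", "quick favor", "urgent", "personal information")


def check_message(raw):
    """Return the reasons (possibly none) a raw email looks like a phish."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    reasons = []

    # Signal 1: the display name belongs to a known person, the address does not.
    name = " ".join(display.lower().split())
    allowed = KNOWN_SENDERS.get(name)
    if allowed is not None and addr.lower() not in allowed:
        reasons.append(f"name '{display}' sent from unlisted address {addr}")

    # Signal 2: subject or plain-text body contains a lure phrase.
    parts = [p.get_payload() for p in msg.walk()
             if not p.is_multipart() and p.get_content_type() == "text/plain"]
    text = (msg.get("Subject", "") + " " + " ".join(parts)).lower()
    hits = [phrase for phrase in LURE_PHRASES if phrase in text]
    if hits:
        reasons.append("lure phrases: " + ", ".join(hits))
    return reasons


# Constructed sample messages (not real mail).
SPOOF = ("From: Pat Example <pat.example.ceo@mail.test>\n"
         "Subject: Quick favor\n\n"
         "I need you to buy Amazon gift cards as a bonus for our employees.\n")
LEGIT = ("From: Pat Example <pat.example@example.com>\n"
         "Subject: Q3 schedule\n\n"
         "Agenda attached for Thursday.\n")

if __name__ == "__main__":
    for label, raw in (("spoof", SPOOF), ("legit", LEGIT)):
        print(label, check_message(raw))
```
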

In addition to being able to spot a phishing attack, below are four steps you can take to keep your personal information secure.

How to avoid an email phishing attack:
  1. Be suspicious of emails, messages, texts, etc. that urgently request a favor or ask you to share personal information.
  2. Think before you click any link in an email. If possible, type the web address directly into your browser instead of clicking links directly from an email.
  3. Regularly update your computer, email, and applications to ensure the latest security patches are applied.
  4. Never share personal information online or through email. If you do need to submit personal data online, make sure the website address starts with “https”. Also, where possible, turn on multi-factor authentication to further secure your account information.

Further secure your office:

For small practices using Microsoft Office 365 and Teams, you can leverage the built-in security and compliance features to combat the constantly evolving cyber security attacks everyone faces in healthcare and beyond. You can read our latest whitepaper, HIPAA Compliance for Microsoft Office 365, to learn what you can do to implement these security features and protect against attacks.

Like the fish caught during ice-off season, it is my hope that the more phishing attacks you see coming your way, the better you will be able to identify them as fake and not take the bait. Taking the bait can cost you and your employer a significant amount of money, and it could cost you your job.