You’ve probably heard of phishing scams and horror stories of stolen identities. But do you know how to protect yourself, your staff, and most importantly—your owners and residents? We’ve outlined the most reported phishing scams you may encounter and how to avoid them.
A phishing scam tries to get sensitive information or infiltrate a system through social engineering. What this means is that they lean on human emotional responses to gain the advantage. Attackers use fear, the promise of a prize and even guilt to separate you from your most valuable asset: your personally identifiable information (PII).
Historically, phishers used email to attack exclusively, but as Gmail and other email providers get better at filtering out phishing messages, scammers are turning to social media, texts and even phone calls.
The end goal is always the same: Use the PII to get to your money — or your company’s money.
Let’s take a look at exactly how it works by method.
An email phishing scam uses enticing information and a sense of urgency (or even threats) to get you to give up personal information, click on a link or download a file. They say you’ve won a prize and all they need is your home address, or that your bank account will close if you don’t give them your account number to straighten it out.
There are a few ways attackers use social media to scam users. In a Facebook phishing scam, you may get a request from your friend’s cloned account asking for money, or you may be tricked into clicking on a link and entering your username and password. On Twitter or Instagram, a shortened url could send you to a bogus site specifically designed to capture your information.
Other phishing scams include phone calls masquerading as your bank or credit card company and asking for personal information. A texting phishing scam could warn you that your account has been breached and to follow a link to check it out.
You will discover creative ways to identify and eliminate routines that are no longer benefiting your business.
The average, easily-identifiable phishing scam targets a large group of people with no focus on who they are, but there are also more specific types of attacks out there that might surprise you.
Spear Phishing: A spear phishing attack targets a specific group or individual. An attacker gathers information about their targets from social media accounts and other online sources, which they use to make their scam even more credible.
Clone Phishing: An attacker finds an email from a trusted agency that their target wouldn’t suspect, then copies the logo, email address and language.
Whaling: Whaling targets the “big fish”—management and C-suite executives who would have access to much more lucrative information and bigger company systems.
If you suspect a hacker in your midst, here are some things to look for:
Finally, if you suspect a phishing scam, go with your gut. Double-check with the person or agency who sent you the message and never click on anything in the email.—
Take the time to educate yourself and your employees about the dangers of phishing scams. After all, they jeopardize not only your property management company, but also your owners and residents.
Keep residents up to date on how to protect themselves. If one of your employees or residents discovers a phishing scam, get the word out quickly, so people know what to look for. Staying vigilant is the best protection for you, your company and your residents.