OEC Blog

Gone Phishing: Is your company data secure?

Gone Phishing: Is your company data secure?

According to Verizon’s 2017 Data Breach Investigations Report, phishing was involved in 43% of all data breaches. So what is phishing? Is it a threat to me? How do I defend against it?

What is a phishing scam?

Phishing scams attempt to trick employees into providing sensitive information, such as login usernames and passwords to systems, financial information, and other personally identifiable information (PII). They typically come in the form of emails, text messages (SMS phishing or “Smishing”), popup windows, or sometimes even phone calls (Voice phishing or “vishing”).  It’s enough to make your head spin. So is phishing a threat to you or your dealership? You bet.

Unfortunately, the automotive industry is not immune from these attacks. In fact, it’s just as much a target as any other industry. In 2016, Advance Auto Parts fell victim to a phishing attack that resulted in the compromise of employee information such as Social Security numbers and W-2 Tax form information.  

Defending yourself against a phishing attack

Phishing emails come in many forms. Some pretend to be executives from your company asking you to do a task such as transfer money. Others pretend to be from accounting and claim an invoice is due, while still others pretend to be from tech support, claiming that your account will be deleted if you don’t verify it with them. Targeted phishing attacks, also called spear phishing, often contain information specific to you in hopes of making the email seem more believable.

Despite all the various forms of phishing, here are some tips and tricks to help you spot phishing in all its forms:

  • Think critically about every email you receive. If you receive an email from Jane in HR asking you for personal information, ask yourself, “is this an email I would normally receive?” When in doubt, pick up the phone and ask Jane.
  • Double check the email address of the sender. Why would you receive a business email from a personal email address (such as @gmail.com, @aol.com, @yahoo.com, etc.?)
  • Move your mouse over links in email addresses to see where a link takes you (but DON’T click it). Beware of websites designed to trick you such as oeconnnection.com instead of oeconnection.com (notice the extra “n”).
  • Non-targeted phishing emails tend to use generic greetings and signatures. I’m sure you have seen greetings like “Dear Valued Customer” or “From: Internal Tech Support”
  • Many phishing emails use scare tactics to create a sense of urgency and convince you to act right away (or something bad will happen). “Validate below to avoid account suspension” is an example of a common phrase you would see in this type of email.
  • Reputable companies will never ask you for your username and password in an email. Be wary of any message that does.

Bottom line: if something doesn’t seem right, you should absolutely question it! Keep your personal – and business – data safe and secure.