Phishing is a common technique employed by scammers throughout the world. A phishing attack looks like an email from a business, company, customer, or person you know, but it isn’t. The email will ask you to provide sensitive information, like network passwords or credit card numbers, or to open an attachment or link to a website which can appear to be legitimate. Not sure if an email is legitimate? We can help.
A phishing attack starts with a simple email. The email could appear to come from your boss, a company or business you work with, or a fellow employee. The email will typically ask you to click a link, respond with your password, or provide credit card information.
The email will look valid. A phisher can easily download logos and fake email signatures that make the email look more real. You can expect a scammer to use the name of one of your business partners or pretend to be someone you know when you are targeted by a phishing attack.
No matter what piece of sensitive information the email asks for, you can count on there being a sense of urgency. The phisher will typically imply a negative outcome if you don’t act based on the email. This will sometimes manifest itself as a request to do something such as enroll in benefits, view your paycheck, etc. They are looking for you to follow through with clicking the attachment, going to the link, or providing information which you should not disclose. This sense of urgency is designed to prevent you from thinking through the request and asking questions.
If you click on a link in the email you open your business up to the installation of malicious programs on your systems. Links in the email will take you to a page that looks like your bank or other another familiar website. If you provide passwords, scammers can access your business accounts and can compromise any sensitive data stored in your system.
This is the first step to verifying any email you receive. If an email is asking for information or sending you online through a link, you should make sure you recognize the sender. Scammers can spoof email addresses, but they will also create an email address that appears like a valid one. Look for small irregularities like periods or numbers replacing letters.
Scammers often make common grammatical or spelling mistakes when sending emails. If an email claims to be from someone you know, make sure the email sounds like it is written by that person.
If you aren't sure about the validity of an email, reach out to that person via a known channel of communication. This is the surest way to make sure an email is legitimate and isn't a scammer trying to compromise your business. Do not reply to the email asking if it's legitimate. In most cases, the email is out of character and completely isolated from any other conversations you've had with the sender.
Make sure you trust the sender before clicking on any links or downloading any attachments. You can check a link by hovering over it with your mouse to make sure the link is taking you to a valid webpage.
If you think you have received a phishing email or have fallen for one, talk to your team. Phishing attacks typically target multiple people in a company. If you provided credentials for a third-party site, it is important to contact that company and make them aware of what has happened.
It is best practice to frequently change your passwords. You should also use a different password for every account. Using a password manager is a good way to strengthen your passwords and to limit your exposure if one account is compromised. If you believe you were phished changing all passwords is a great way to protect yourself. If you provided a password that is shared with other accounts, change the password for those accounts as well.
If customer data is impacted by the security breach, you should let them know once you understand the extent of the incident. You can find more information on how to do this at the Federal Trade Commission website.
To report a phishing email, you can forward it to the FTC and Anti-Phishing Working Group at firstname.lastname@example.org and email@example.com. You should also let the company that is impersonated know about the phishing scheme.
Practicing good online habits is key to the health and safety of your business and personal web presence. For more information on how to stay safe online, view our security blogs on Flourish with First or visit our free online identity theft protection course.
The information on this page is accurate as of March 2021 and is subject to change. First Financial Bank is not affiliated with any third-parties or third-party websites mentioned above. Any reference to any person, organization, activity, product, and/or service does not constitute or imply an endorsement. By clicking on a third-party link, you acknowledge you are leaving bankatfirst.com. First Financial Bank is not responsible for the content or security of any linked web page. Member FDIC / Equal Housing Lender.
You are about to go to a different website or app. The privacy and security policies of this site may be different than ours. We do not control and are not responsible for the content, products or services.
Online banking services for individuals and small/medium-sized businesses.
If you haven't enrolled yet, please enroll in online banking.
f1RSTNAVIGATOR is where our business clients can access tools to help manage day-to-day account activity.
Sign in now to access your account, or download the new app by searching "Your First Financial."