This story was originally published in Builder.

Adobe Stock

Newly analyzed data suggests both construction and real estate employees should be paying close attention to their emails, online accounts, and overall Internet use for potential phishing and malware attacks from cyber-criminals, says Reboot Digital Marketing Agency.

The London-based digital marketers reviewed ProofPoint’s cyber-security quarterly analysis and found the construction industry is the second most targeted for email fraud with an average of 61 attacks per company over a three-month period. The real estate industry follows with an average of 54 attacks per organization in the same time frame.

“Phishing is a type of cyber-crime that involves deceiving the user into thinking they are communicating with a legitimate company, in order to steal confidential information and passwords,” reads a press release from the firm. “By its nature, phishing and malware attacks work by impersonating someone the recipient knows and trusts.”

Lower-level employees, such as customer service representatives, were subject to 67% of highly targeted attacks, with marketing, public relations, and human resources employees accounting for roughly 20% of all attacks.

Contributors also represent a large targeted pool with 40%, while management (27%), upper management (27%), and executive (6%) workers are usually targeted less frequently.

Courtesy Reboot Digital Marketing Agency

In order to avoid phishing and malware scams at work, Reboot Digital Marketing suggests adhering to the following tips.

1. Know what to look for: Pay close attention to attachments, advertisements, and pop-up alerts, ensuring you only open what you trust. Train users to spot malicious emails and websites.

2. Avoid unsolicited links and attachments: Most commonly, you should know the sender of an email and trust the source it is coming from. If unsure, go with the assumption that it is best to avoid opening emails from an unknown source/sender altogether. And although a lot of companies employ malware scanning features, you shouldn’t rely on it solely.

3. Turn off email HTML: Adding HTML can sometimes automatically run malware scripts within an email once it has been opened. For this reason, you may choose to disable it, lowering the risk of an attack.

4. Scan external drives: Many USB and external hard-drives can hold malware and spread it across other workplace computers. To be extra vigilant, it is recommended that you scan all external devices with anti-virus software each time you connect an external portal to a computer.

5. Change your passwords regularly: Though it may be obvious, it is easy to forget to regularly update your passwords or be reluctant to do so in fear of forgetting them. However, for security purposes it is good practice to change your passwords every 90 days.

This story was originally published in Builder.