PHISHING
Do you love fishing? Of course you do. You know who else loves fishing? Hackers! Only, they spell it with a PH because it’s cool and looks “techy.”
And they can’t wait to send their phishing emails out, because they know that the world is full of click-happy rubes who won’t think twice about clicking on a link once they’ve been warned that their world is going to end if they don’t click on it and sign in with their username and password.
You see, phishing is a social engineering technique. The hacker might attempt to make the recipient believe that there is a problem with some account associated with the user. They’ll send emails with attachments that look legitimate to the user so that he/she will click on them. They might even make phone calls to try to get information from the user.
Phishing attacks are some of the most common cybersecurity threats going around. Successful attacks can lead to identity theft, data breaches, financial losses, and falling victim to ransomware.
The moral of this story? Don’t just click on links in an email… especially if the link is asking you to log into an account! Phishing doesn’t just happen with emails. There are several different ways hackers attempt to coax information from you.
- Email Phishing: Fraudulent emails mimicking trusted organizations.
- Spear Phishing: Targeted attacks aimed at specific individuals or companies.
- Smishing: Phishing via SMS or text messages.
- Vishing: Phishing conducted over phone calls.
How do you minimize your chances of falling victim to these attacks? Follow these simple rules:
VERIFY THE SOURCE. If you’re not sure who’s asking you to click on a link or sign in to something, then verify who it is. It goes without saying, so I’ll say it… DO NOT contact them using any phone number or email address conveniently supplied inside the email or text. Contact them using addresses or phone numbers from their official website or official directory.
DON’T JUST CLICK ON A LINK. That site you go to might look legit, but it’s supposed to. If you think you need to go to that website, then type the organization’s URL directly into the browser. As for attachments… they might contain malware. Verify the sender is legitimate AND that he/she sent you the attachment.
KEEP YOUR SOFTWARE UPDATED. Older software, including unpatched versions of Windows, is more susceptible to exploitation. Many of these updates can be automated, so that leaves you plenty of time to play solitaire… you know… if you did that sort of thing at work… I’m not judging.
USE MULTI-FACTOR AUTHENTICATION (MFA) when logging into… wait…
Is it login to, log into, or log in to? But I digress…
So where were we? Use two-factor authentication when logging into (we’ll go with that one) all accounts. This reduces the risk of unauthorized access to your account if your username and password get compromised.
USE COMMON SENSE. If you get an email with a generic greeting like “Dear customer,” or (especially) if you get some urgent message that you need to log in immediately or calamity will ensue, definitely question the request. Also, most email services and browsers have built-in phishing protections. However, the best software security is useless if you get all click-happy in your email.
JUST HANG UP if it’s a vishing attempt. Don’t engage them, don’t try to figure out anything about them. Many vishing attempts begin with a robocall, and many of those calls are designed to trigger after hearing the word “hello.” If you answer your phone with some sort of greeting, you may only hear silence on the other side. Also, the phone number is probably going to be spoofed and might look like a local number, so don’t rely on that for verification.
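The email red flags from the rules above (a generic greeting, an urgent demand to log in, a link that doesn’t go to the organization’s own site), written as a small Python check over a plain-text email. This is an added example, not part of the original post; the phrase lists, the function names and the sample message are assumptions made up for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Assumed phrase lists for illustration; extend them for your own mail.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")
URGENCY = ("immediately", "urgent", "will be suspended", "within 24 hours")
LOGIN_WORDS = ("log in", "login", "sign in", "password")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def is_official(host, official_domains):
    """True only if host equals an official domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in official_domains)

def phishing_flags(raw_message, official_domains):
    """Return the red flags found in the plain-text body of an email."""
    # official_domains: domains you looked up yourself (official website or
    # directory), never ones copied from the message being checked.
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = body.lower()
    flags = []
    if any(g in text for g in GENERIC_GREETINGS):
        flags.append("generic_greeting")
    if any(u in text for u in URGENCY):
        flags.append("urgency")
    if any(w in text for w in LOGIN_WORDS):
        flags.append("login_request")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if not is_official(host, official_domains):
            flags.append("unofficial_link:" + host)
    return flags

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Example Bank" <support@example-bank.test>
Subject: Action required

Dear customer,

Your account will be suspended unless you sign in immediately:
http://example-bank.test.login-verify.example/signin
"""

if __name__ == "__main__":
    print(phishing_flags(SAMPLE, {"example-bank.test"}))
```

The link in the sample starts with the bank’s name but belongs to a different domain, which is why the check compares the end of the hostname against domains you already trust instead of looking for the name anywhere in the URL.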
So how do you prevent or minimize phishing attacks?
- Train your employees on how to spot phishing attempts.
- If you have the ability, simulate an attack to test your employees.
- Ensure your software is updated.
- Limit access to sensitive systems.
CONCLUSION
With the advancements in AI technologies, it’s easy to create and distribute professional-looking emails and professional-sounding phone calls. Using a combination of cybersecurity awareness, knowledge, and vigilance will go a long way in keeping the phishing attacks to a minimum. Caution, education, and technology are the ways to go!
