02-Week “#Fight the Phish”

From ransomware to SolarWinds, the cybersecurity space has been as hectic as it has ever been over the last two years. Yet for all of the emerging threats cropping up on the horizon, phishing, one of the oldest forms of threat in cybersecurity, continues to quietly wreak havoc in the cyber community. Despite often being overlooked in terms of hype, it has been a mainstay in the cybersecurity threat landscape for decades.

So What Exactly Is Phishing?

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

With that in mind, what can one do to protect themselves from such a threat? Well, here are a few quick best practices and tips for dealing with phishing threats.

How To Recognize Phishing

Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If given access to this information, they could gain access to your email, bank, or other sensitive details. Scammers launch thousands of phishing attacks like these every day and are often successful.

Know the Red Flags

Phishers are masters of making their content and interactions appealing. From content design to language, it can be difficult to discern whether the content is genuine or a potential threat. This is why it is so important to know the red flags.

Phishing emails and text messages may look like they’re from a company you know or trust.

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment.

The content might have awkward and unusual formatting.

They may use overly explicit call-outs to click a hyperlink or open an attachment.

The subject lines may create a sense of urgency.

These are all hallmarks that the content you received could potentially be from a phisher, and they indicate that it should be handled with caution.

Verify the Source

Phishing content comes in a variety of forms. However, many phishers will try to impersonate someone you may already know. This could include a colleague, service provider, or friend. This is done as a way to trick you into believing their malicious content is actually trustworthy. Don’t fall for it. If you sense any red flags that something may be out of place or unusual, reach out directly to the individual to confirm whether the content is authentic and safe. If not, break off communication immediately and flag the incident through the proper channels.

Be Aware of Vishing and Other Phishing Offshoots

As more digital natives have come online and greater awareness has been spread about phishing, bad actors have begun to diversify their phishing efforts beyond traditional email. For example, voice phishing or vishing has become a primary alternative for bad actors looking to gain sensitive information from unsuspecting individuals. Similar to conventional phishing, vishing is typically executed by individuals posing as a legitimate organization. An example of this could be a healthcare provider or insurer asking for sensitive information. Simply put, it is imperative that individuals be wary of any sort of communication that asks for personal information whether it be via email, phone, or chat, especially if the communication is unexpected. If anything seems suspicious, again, break off the interaction immediately and contact the company directly to confirm the veracity of the communications.

How Do You Protect Yourself From Phishing Attacks?

Your email spam filters may keep many phishing emails out of your inbox. But scammers are always trying to outsmart spam filters, so it’s a good idea to add extra layers of protection.

Protect your computer by using security software.

Protect your mobile phone by setting software to update automatically.

Protect your accounts by using multi-factor authentication.

Protect your data by backing it up.

A few more in-depth methods of protecting your devices are:

To protect against spam emails, spam filters can be used. Generally, the filters assess the origin of the message, the software used to send the message, and the appearance of the message to determine if it’s spam. Occasionally, spam filters may even block emails from legitimate sources, so they aren’t always 100% accurate.

The browser settings should be changed to prevent fraudulent websites from opening. Browsers keep a list of fake websites and when you try to access the website, the address is blocked or an alert message is shown. The settings of the browser should only allow reliable websites to open up.

Many websites require users to enter login information while the user image is displayed. This type of system may be open to security attacks. One way to ensure security is to change passwords on a regular basis, and never use the same password for multiple accounts. It’s also a good idea for websites to use a CAPTCHA system for added security.

Banks and financial organizations use monitoring systems to prevent phishing. Individuals can report phishing to industry groups where legal actions can be taken against these fraudulent websites. Organizations should provide security awareness training to employees to recognize the risks.

Changes in browsing habits are required to prevent phishing. If verification is required, always contact the company personally before entering any details online.

If there is a link in an email, hover over the URL first. Secure websites with a valid Secure Socket Layer (SSL) certificate begin with “https”. Eventually, all sites will be required to have a valid SSL.

Cybersecurity Awareness Month Oct 21
