Gone Phishing – Don’t Be Reeled In
Reeling in a big one takes on a whole new meaning when it comes to phishing. Unfortunately, it happens more often than one would think. Since one in 4,200 emails received is a phishing attack, according to Symantec, phishing prevention is important for everyone to know.
Phishing is an attempt by malicious actors to use email to steal personal information and data, often resulting in direct loss of money, classified information, and time. New terms have developed as phishing techniques have spread to other technologies. “Vishing” is phishing using a telephone, while “smishing” is phishing via text platforms.
Symantec, Cisco, and IBM agree that phishing is on the rise, and Cisco further states that phishing accounts for 90% of data breaches. For these and many other reasons, it’s important to be aware of these phishing indicators:
- A message from someone claiming to be from your military service, government organization, corporation, internet service provider, bank, or another plausible sender.
- An email that directs you to a website that looks real.
- A message that asks you to call a phone number to make any changes or to secure your computer, bank account, or other account.
- A message that asks you to validate account information via an embedded link or phone call.
- A message that is marked as “urgent” or threatens dire consequences.
If messages with these indicators seem difficult to distinguish from legitimate emails from known organizations, that is because they are meant to be. These emails will appear with a company’s real logos and slogans and are written to motivate the receiver to act right away.
Another disturbing trend is the use of .pdf attachments to deliver malicious code. Many of us have been told we can trust this type of file, and that trust has been leveraged by those wanting to do harm.
While it is sometimes difficult to determine upon first look which is a legitimate email and which is a phishing attack, it’s easy to root these out.
Prevent a successful phishing attack by following these guidelines:
- Do not access sites by selecting links in e-mails or pop-up messages. If you are concerned about account updates and validation, directly type the URL into your browser or use your personal bookmarks.
- If investigating an account claim via telephone, do not use the phone number listed in the email. Contact the organization using a telephone number you know to be legitimate.
- Delete suspicious or known phishing e-mails.
- Report phishing e-mails requesting personal information to the computer help desk and/or security teams.
- Validate real emails by looking for digital signatures and verifying email addresses.
- Never give out organizational, personal, or financial information to anyone by e-mail.
- Avoid sites with expired certificates. If officially directed to a site with expired certificates, report it to the computer help desk and/or security teams.
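Several of the indicators and guidelines above can be checked mechanically before a person ever opens the message. The following Python sketch is an added example, not part of the original article: it parses a raw message and reports the sender domain, Reply-To, subject wording, link target and .pdf attachment indicators. The keyword list, the set of trusted domains, the indicator names and every `.test` address are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed keyword list, taken from the indicators above ("urgent", "validate").
URGENT = re.compile(r"\b(urgent|validate)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)

def domain(header_value):  # lower-cased domain of a From/Reply-To address
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()

def phishing_indicators(raw, trusted_domains):
    """Return the names of the indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    sender = domain(msg.get("From", ""))
    if sender not in trusted_domains:
        found.append("sender-domain-not-recognized")
    if msg.get("Reply-To") and domain(msg["Reply-To"]) != sender:
        found.append("reply-to-differs-from-sender")
    if URGENT.search(str(msg.get("Subject", ""))):
        found.append("urgent-or-validate-subject")
    for part in msg.walk():
        if part.get_content_type() == "application/pdf":
            found.append("pdf-attachment")  # a reason to look closer, not proof of malice
        elif part.get_content_type() == "text/html":
            for target, text in LINK.findall(part.get_content()):
                shown = HOSTLIKE.search(text)
                # Flag when the visible host is neither the real target nor its parent domain.
                if shown and not ("." + target.lower()).endswith("." + shown.group(1).lower()):
                    found.append("link-text-differs-from-target")
    return found

def constructed_message(sender, subject, href, shown, reply_to=None, pdf=False):
    """Build a sample message; every value passed in is constructed for the demo."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content("See the HTML part.")
    m.add_alternative(f'<p><a href="{href}">{shown}</a></p>', subtype="html")
    if pdf:
        m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="s.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    sample = constructed_message('"Example Bank" <alerts@examp1e-bank.test>', "URGENT: validate account",
                                 "http://login.collect.test/v", "https://www.example-bank.test",
                                 reply_to="helpdesk@collect.test", pdf=True)
    print(phishing_indicators(sample, {"example-bank.test"}))
```

A hit is a reason to report the message to the help desk or security team for review, not a verdict on its own.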
Avoid phishing and other internet scams by partnering with Cybernet Cybersecurity Services.