This week's focus for Cybersecurity Awareness Month is “phishing.” Phishing is becoming more and more common in the workplace and in our personal lives. We all must do our part to be cyber smart!
In short, phishing is a fraudulent attempt to obtain sensitive information by posing as a trustworthy electronic communication. These scams usually create a false sense of urgency or use an emotional appeal to entice victims into providing data. We most commonly see phishing in email, but it can also be carried out through other social engineering channels such as instant messaging, text messaging, or social media.
There are many different types of phishing scams. Outlined below are common tactics to be aware of:
- Spear phishing is a phishing attempt that tends to be more targeted than a normal phishing attack. These emails are much more dangerous since they are tailored to the individual and appear much more legitimate.
- Credential phishing usually involves a hyperlink in an email that redirects to a seemingly legitimate website. The clicker is taken to a fraudulent login page designed to steal their information.
- Social media scams are similar to email phishing, but they occur on social media platforms rather than in email. Criminals may pose as a potential donor or a trusted organization to trick you into clicking a malicious link.
- Business Email Compromise (BEC) is when threat actors use email fraud to attack an organization and its employees, customers, or partners. Most attacks target specific roles within an organization by sending spoof emails which fraudulently represent a senior colleague or a trusted customer with instructions to approve payments or release client data.
- Ransomware is commonly associated with phishing. It occurs when a user opens an attachment or clicks a hyperlink in an email and malware installs on the computer. The result is that the files on the computer, and on connected servers, become encrypted. The scammer is the only one who can decrypt the files, and holds the data for ransom.
Quick Tips
When suspicious emails make it through our defenses, we rely on you as our last line of defense. Therefore, it is vital that you learn to properly identify and report suspicious emails as potential threats.
- Think before you click hyperlinks and attachments. Unsolicited links or files, even from a sender you recognize, can be used to distribute malware. Always read the text and URL before clicking.
- Set up multi-factor authentication (MFA). Strengthen the security of your account by setting up MFA whenever it is offered. This adds an extra layer of security in the event an account is compromised.
- Increase your password strength. A strong password includes uppercase and lowercase letters, numbers and special characters. Keep your passwords private, and do not share them. Create unique passwords for different services. Use a password manager application to store your credentials.
- Always verify. Phishing emails often use brands and images you recognize to create a sense of trust. Call the sender, using a number you already know rather than one given in the email, to verify the message is legitimate. Also double-check the spelling of URLs, email addresses, and other email content. Grammar and spelling errors can be signs of a scam.
- Group power! Does something smell phishy about an email? Just ask around. Often the same phishing email is sent to multiple people in the same company or department. If you receive a strange message that says “click this link,” it is a good idea to get a colleague’s opinion and ask whether they received the same message.
Fight the Phish! Remember, you are the last line of defense against phishing. Cybersecurity is everyone’s job, so let's put cybersecurity first.