Post #2 in threat types
Could you be the next target for a phisher? Is that term even familiar? Phishing is a method of trying to gather personal information using deceptive emails and websites.
The word “phish” sounds like “fish.” This type of online criminal activity has been around for a long time. But now it’s sneakier. Crooks are getting more sophisticated in their cyber attacks.
When an entertainer on a stage makes a book or a person disappear, we enjoy that. But if the “trick” is someone making your entire bank account disappear, that is very different.
Being tricked could potentially also make your professional reputation disappear!
When you got a message from your bank or a note from someone in your company, did you notice the wording was a little odd? If you did notice, you may have double-checked and discovered it was fake. A phisher tried to trick you. If you did not notice, and got burned, that was probably a difficult experience.
The person who sent the phishing email is trying to manipulate belief, taking advantage of the way people normally perceive things. He or she knows most people are busy, and that most people look for basic indicators that an email is trustworthy.
Let’s go down a typical list of what makes an email look “trustworthy”:
- Same logo as is normal
- Same type style as normal
- Refers to ordinary procedure
- Seems to offer help
For a busy office worker, these used to be enough to verify a real email. Those days are gone. We all need to understand that cyber attacks have made work more complicated, including just looking at email.
You need to stop the phisher. First, what is he trying to get you to do?
1) Expose private information: a username and password that can be used to breach a system or account.
2) Download malware: a malicious attachment or a link to another location that offers a download. These may take the form of Microsoft Office documents (with malicious embedded code) or .zip files with toxic contents.
Phishing can start outside your email inbox, even outside your office. For example, don’t post personally important dates, addresses or phone numbers anywhere online. Phishers try to get inside your head to trip you up. Try changing your mindset!
How to filter messages…
• Check the spelling of links before you click. Does it go to bankname.com or actually go to alisayadda.net? Most email software will show you the real destination if you just hover your mouse pointer over the link. MS Outlook reveals the link at lower left and also as a pop-up. Gmail also shows the real destination at lower left.
• Even better, if it seems to be from someone you do business with, don’t touch the email but go to a web browser and type in correct-name dot com and log in to check for news. Organizations you do business with will show important information on their site.
• Are you behind a good strong firewall? That will prevent much phishing from ever reaching you. Same deal with installing the best anti-virus software you can afford and understanding how it works.
Other red flags …
Resembles Trusted Sources
Standard practice is to never open emails from unknown senders. So, hackers mimic trusted names, especially national or international organizations. You may receive a message from Amazon, Wal-Mart or your bank that appears to be real, but contains malware.
Urgency and fear prompt people to act impulsively. Criminals also use these methods to make innocent people click without thinking. They may claim your bank account will soon be closed, or that you’ll be punished for not responding, or that there’s been a security breach.
No matter how smart you are and how careful, something could go wrong. Reduce the damage!
In an office setting, directly contact managers. Don’t depend on email or other wait-and-see methods. If you can’t contact management then contact your technical staff. Don’t hesitate to make it urgent.
Scan your system
Your anti-virus software can stop malware much faster than any person. This is one thing it was designed for.
Your new passwords should be in the “strong” category (link below). Use password management software if needed.
Protect others from falling for whatever snagged you. Notify all your associates of what happened, but only use email after a successful virus scan. You don’t want to spread whatever bug you caught. Also notify the organization that the phisher imitated; companies want to know about this, so they can help stop it.
Visual examples, password tool
Here is an image gallery of known phishing examples (external link / new tab):
Strong passwords are often available from free online sources. One example (external link / new tab):
Dashlane password generator