While phishing attacks are nothing new, they continue to be more inventive and of an exponentially greater quantity, causing us to pause and revisit what continues to be a serious issue for government organizations, businesses and individuals.
The technique of Phishing has been around for years, and hackers continue to use it for one big reason: it is effective. With minimal effort, they can launch a campaign and send it out to thousands. With updates in technology and availability, they can buy up domains, copy logos, and embed links into carefully crafted emails. This recent article introduces a campaign asking you to open an encrypted email message, like one you’d receive from your bank, doctors’ office, or other source wanting to communicate in a secure way, preying on our need for security.
What is the aim of all this activity? To capture personal information, login credentials, or other personal details that allow them access to your identity or business. In plain terms, to compromise you. So, what do we do about it? Read on for a few of the simple, but effective ways to combat phishing for yourself and your business.
1. THINK BEFORE CLICKING AN EMAIL LINK
When we think about hacking, most people think of complicated networks of underground people, searching for backdoors and using all the latest tools and technology to topple governments and major corporations. When it comes to phishing, it is often far simpler than you think. Basically, DON’T CLICK THE LINK if it’s not an email you’re expecting and from someone or an entity you know (refer to rule #3 to make sure it legitimately is someone you know.) It doesn’t matter if the email appears to be from your bank, a receipt from Apple about a recent purchase, an encrypted message or appointment reminder from your doctor’s office. My kids helped me come up with this simple catchphrase to help them remember, but it works for adults and kids alike: “If there’s a link, stop and think.” What do you do instead? Open a browser and go to your usual login site to log in and check on your account. Any legitimate messages will be available through your customer portal.
2. DOUBLE CHECK THE URL
Another way, phishers succeed is by buying up domains that are close to what you normally visit. For example, if you normally go to https://www.chase.com they might purchase a common typo of that, like: www.hcase.com or www.chaase.com so that when you accidentally type in their URL, you get a similar looking site and they capture your login credentials and personal details when you “verify your information for security purposes.” So, before logging in, double check the URL for accuracy. Don’t just rely on a page looking legit.
3. LOOK CLOSELY AT EMAIL ADDRESSES
While most people know it is a good idea NOT to open emails from anonymous sources, most people are easily tricked by misspelled or slightly adjusted email because of our amazing brains. For example: “Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn’t mttaer in waht oredr the ltteers in a wrod are…” Taking a few seconds to look closely at the email address of the sender and verifying it’s accuracy may seem tedious at first, but it is daily habits like this one that save you from the embarrassment, damage caused, and time needed to repair an issue when someone steals your identity or uses your credentials to gain access to your company.
4. MANAGE YOUR PASSWORDS SO THEY DON’T MANAGE YOU
In the busy world we live in, we are all so busy completing “important” tasks and managing our work and home lives that something like managing passwords is always that low-priority task that “I’ll do when I have time” or “after this project is complete” or “when I can find someone to help me with it.” I’ve met others who think, my passwords are ok because I’m so vigilant about my online practices. Whether you are managing this process on your own or using a secure password manager like 1Password, there is a dedicated amount of time involved in recording and randomizing your passwords. However, using simple, unsecured passwords or reusing passwords altogether can increase your risk-level exponentially. So, how much of a gambler are you? Blocking a couple of hours in your schedule to tackle password management could save immense amounts of time, money, and humiliation.
The bottom line with evading phishing is vigilance. Most of the time, simple solutions practiced everyday are the best way to dodge phishing traps.
And, as always, CyberDefenses offers advance services options for Guidance, Operations, and Intelligence Services. Want to know if your network has succumbed to phishing or other threats? Enlist the help of our credential tracking services. For more on all of our service options, check out this page: https://cyberdefenses.com/services/