6/22/2016 4:05:34 PM
A 2015 National Counter Intelligence and Security Center (NCSC) presentation reported that 47 percent of adult Americans have been the victim of a security breach in the past three years, and that 91 percent of those victims had fallen prey to “spear phishing”.
Many recent high-profile security breaches, the one at the Democratic National Committee (DNC) for example, started with and/or provided the means to launch sophisticated phishing attacks. Here’s what you need to know about phishing, including how to protect yourself.
Phishing (pronounced "fishing") has been around for almost as long as the internet, and is an unnervingly common way for cyber criminals to obtain sensitive data from private individuals and organizations. The basic strategy is to send out an email (often a mass email) that contains a malicious attachment or hyperlink. The attachment is malware, and the hyperlink directs people to a website that is camouflaged as something legitimate and familiar. The cyber criminals hope that the individual receiving the email will either download the attachment (exposing their computer to the malware), or provide sensitive information on the fake website after clicking on the link.
While phishing scams make us feel uneasy about the potential of someone obtaining our personal information, the more chilling version is known as “spear phishing”. As the name implies, these attacks are more direct and personal, as the criminal uses information they’ve collected on a particular individual or group of individuals to target their attack. Spear phishers use the personal information from social media sites and prior data breaches. The recent attack on the DNC was initiated by a coordinated “spear phishing” campaign.
Think you can spot the phishing email? Test your skills with the Today Show’s Phishing Quiz.
Phishing attacks can be scary; here are 5 ways you can protect yourself:
The primary purpose of a phishing attack is to get you to download an attachment, and/or click on a link. If an email includes an attachment and/or a link, use extreme caution—they may be malicious and include malware that could infect your computer.
If you notice a suspicious email that includes a link, hover your mouse over the text of the hyperlink to reveal the full URL. This should help you determine if it is a legitimate link or a link to something malicious.
One of the easiest ways to identify a potential phishing email is to look for the “red flags” that are common among many of these attacks.
Coordinated spear phishing campaigns can be difficult to detect. Often, these emails have fewer typos, they reference something you and/or your organization may be a part of, and they originate from what appears to be a reputable source. If you have any doubts about the message, it’s recommended that you send an email directly to the person or their customer service department, or contact the person or company directly by phone to verify that they sent the email.
Software updates are notorious for taking a long time to install. While this may be disruptive for you in the moment, it is not nearly as disruptive as having your personal information stolen by cyber criminals. Often, software updates contain critical patches that protect you against cyber criminals. Setting your computer and/or smartphone to auto-update while you sleep is an easy way to keep your devices current, and to protect yourself against cyber criminals.
It’s hard to remember the passwords for all of your accounts, which is why many individuals use the same password for multiple account logins. But there are tips and tricks for keeping your passwords distinct, strong and memorable. ConnectSafely recently published a post, Tips for Strong, Secure Passwords & Other Authentication Tools, which has many useful tips for passwords.
Following these 5 tips will help you reduce your risk of becoming a phishing or spear phishing victim. For additional information about staying safe online, please visit the MN.IT Services Security page.