Don’t Fall for Phishing Attacks

Cybersecurity Awareness – By Ron Frechette, The Cyber Guy

Fall is here! Time to hunker down as we head into the cooler weather months and focus on our final sprint towards the holidays and end of 2017. As part of our hunkering down process, we need to add the practice of cyber vigilance to the list. We have seen a dramatic increase in breaches due to phishing attacks over the first half of 2017… and it doesn’t seem to be slowing down any time soon. Most of the victims are small-midsize businesses and the general public, like you and me.

What is a Phishing Attack?

A phishing attack is an attempt by cyber criminals to steal our sensitive information (e.g. user names, passwords, credit card data, healthcare information) and use it for malevolent purposes. Phishing attacks are disguised as coming from a trustworthy source, usually in an electronic communication. They can be carried out on many platforms including instant/text messaging, social media, email, or by telephone. Some of the more recent phishing attacks have been extremely sophisticated and highly profitable for cyber thugs.

Case in Point

I was recently a potential victim of a classic email phishing attack. As you will see to the right, there is an actual screen shot of the email I received.  Let’s take a closer look at this email and examine the things that we might consider to be red flags.

The first thing we see is the Fidelity Investments logo which happens to be a company I have been doing business with for several years. At first glance, any untrained person would typically be comforted by the sight of the logo.  This is a common tactic used by cyber criminals to comfort their prey and weaken our defensive mindset.

Just below that we see “Account Locked” in big black bold letters.

Right below that is a big orange button that is prompting us to “Get Started.” I’m sure by now, we can all see the red flags here… one might think.

But… think for a moment about how we typically behave on the computer as we sludge through emails at work day after day, or just play around in our emails clicking whatever may come into our paths of natural human inquisitiveness. I could have reflexively hit that button if I were not paying attention. If I were a betting man, I’d bet pushing that big orange button would have been the beginning of a whole lot of problems and headaches that would have most likely adversely affected the quality of my life for many years to come. The cyber criminals are betting that if they send out enough of these types of emails, a certain percentage of recipients will fall prey and push that big orange button… and many do.

This is where the practice of cyber vigilance pays off!

10 Ways to Avoid Becoming a Victim of Phishing Attacks

  • Learn to Identify Suspected Phishing Emails (take some time to review this case study)
  • Check the Source of Information from all Incoming Mail
  • Never Go to a Website by Clicking on Links in Emails you do not recognize
  • Enhance the Security of Your Computer (set spam filters to high, patch and update frequently)
  • Enter Your Sensitive Data in Secure Websites Only (must begin with ‘https://’)
  • Periodically Check Your Accounts (look for irregularities within accounts)
  • Be Mindful that Phishing Attacks Come in Various Forms Through Various Industries
  • Phishing is a Global Issue and Knows All Languages
  • If Even a Smidgen of Doubt, Do Not Click (reject any email asking for confidential data)
  • Stay up to Date on the Latest Malware Threats (there are an estimated 500,000 new malware variants being released into cyberspace daily)

Upon further review of this email, I noticed in the top section the email states Fidelity Investments, but the actual email address to the right does not even reflect a Fidelity address. Stopping to look for simple signs like this can keep you from becoming a victim of a phishing attack.
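For readers who filter mail with a script, the same check can be automated. The sketch below is an added example, not something from the original column: it flags a message whose From display name mentions a brand while the address domain is not one of that brand's domains. The brand table (with fidelity.com as Fidelity's sending domain) and the sample headers are assumptions constructed for illustration.

```python
from email import message_from_string, policy

# Assumption: the domains each brand really sends from. Build this from your own vendors.
BRAND_DOMAINS = {"fidelity": {"fidelity.com"}}

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def display_name_mismatches(raw_message):
    """List brands named in the From display name whose address domain is not theirs."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return ["no parsable From address"]
    sender = header.addresses[0]
    name, domain = sender.display_name.lower(), sender.domain.lower()
    return [
        f"display name claims '{brand}' but mail came from '{domain}'"
        for brand, allowed in BRAND_DOMAINS.items()
        if brand in name and not domain_matches(domain, allowed)
    ]

# Constructed sample messages (not the email shown in the article).
PHISH = ("From: Fidelity Investments <alerts@account-review.example>\n"
         "Subject: Account Locked\n\nGet Started\n")
LEGIT = ("From: Fidelity Investments <no-reply@mail.fidelity.com>\n"
         "Subject: Statement ready\n\nHello\n")
# Lookalike: the brand's domain appears only as a prefix of someone else's domain.
LOOKALIKE = ("From: Fidelity Investments <help@fidelity.com.account-review.example>\n"
             "Subject: Account Locked\n\nHi\n")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT), ("lookalike", LOOKALIKE)):
        print(label, display_name_mismatches(raw) or "no mismatch")
```

A matching domain does not prove a message is genuine, because the From header itself can be forged; this check only catches the display-name mismatch described above.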

As we head into the fall season, make it a point to practice cyber vigilance daily, and I promise your new online behaviors will help keep you safe in cyber, which will make for a joyous holiday season!

We would love to hear from you. Please share your input or comments.

Cross-posted from The Park Press