Cyber Security for Employees – Phishing


Phishing . . . any number of scams that want to hook you and steal from you

Phishing can be an email, IM, phone call or website that tricks you into doing something that gives up your personal information or grants access to your computer. As you can imagine, the name comes from fishing. You bait a hook and see what you get. It is not surprising that so many people are taken in by phishing scams. The scams are quite plentiful and the bait looks like the real thing. Phishing is the number one way of delivering ransomware. And with Ransomware as a Service (RaaS) on the rise, you must protect yourself. In this article, we look at the most common phishing attempts, how to spot them and avoid being a victim. Remember, just like learning anything, it takes practice to spot phishing and other online scams. Keep your eyes open and be vigilant.

Phishing emails with malware

They are so clever. They look real and come at a time when your guard is down. Getting you to act before thinking is their aim. Whether it is a notification from a bank saying your account is locked or UPS saying your package has been returned, the attack is only successful if you fall for it and click the link. If you do fall for it and click the link, you have probably loaded ransomware. If you don’t have a good backup, it will be a nightmare.

The best way to protect yourself is to be suspicious of every email you get with a link. You can hover over the link to see where it goes. Even with this check, it may look legitimate. If you have any suspicions, don’t click on it. Train yourself to always use your browser to access secure sites for banking, shopping, etc.

Spear Phishing

This is a phishing attack specifically targeting you. They may have gotten your information from a hacked contact’s list, LinkedIn or your company web page. These are especially troubling because they seem to know much about you.

Phishing emails looking to get your login

We have seen so many of these lately. They are trying to get you to put in your email login and password. If you do, they will log into your email account and steal your contacts. Your contacts become their next set of victims. Not only will they send malware to your list, but they will try the same tactic to get their email lists. Phishing email is the number one way to deploy malware so the more email addresses they acquire, the bigger the net.

Never enter your email login and password from an email link. Always navigate to the secure site from your browser. If you have any doubt at all, don’t enter your login, password or personal information.

Err on the side of caution

If you have any doubt, stop. Get someone to look at it with you. Think about it. Look at it again. Remember, the phisher is hoping you will act impulsively, not rationally. Often, if you look harder at phishing attempts, the scam becomes clear. Take a second look; it could prevent the nightmare of identity theft and ransomware. If you believe an email or other communication may be legitimate, contact the company directly to inquire before doing anything.

Mobile phishing

Fake apps are on the rise. Since so many use their mobile devices for everything from email to banking, cracked and pirated apps are used to nefariously gather personal data. Don’t believe that any device is safe. Never use apps from an unknown source and if you think your mobile device has been hacked, wipe the device and install factory defaults. You’ll have to start again, but better safe than sorry.

Email phishing has many of the same risks on mobile devices. Often the smaller screen and the on-the-go nature of the device make it easier to fall for the scheme. Be extra careful of clicking on links and entering data on your mobile. The device may not be prone to the same malware, but scams that get you to enter your login and password can be launched on any platform.

Cloud phishing

We all use the Cloud. Many of us use Gmail, Office365, Dropbox, iCloud and dozens of other Cloud applications, so it is easy to create phishing emails that target one or more of the Cloud services that you use. Just because you use that service, don’t fall for the email telling you that you must log in for any reason. They want to steal your login and password.

If a hacker gets your credentials, you will most likely have to change your password and contact the Cloud service. It is important to determine what was stolen, compromised or modified if they successfully gained access to your account.

Consider two-factor authentication on your online accounts if available. This will give you another layer of protection.

If you see something suspicious, report it. Merchants, banks and law enforcement should be contacted if you suspect your identity has been stolen. Phishing can be reported to US-CERT at phishing-report@us-cert.gov, the Anti-Phishing Working Group at reportphishing@antiphishing.org, FTC at spam@uce.gov or the Internet Service Provider/Registrar. If you see something that concerns you and want to discuss it, you can contact our HelpDesk at 770 662-0312 or email HelpDesk@lansystems.com.


About Mary

Mary is the CEO of LAN Systems. She is an electrical engineer who feels her greatest strength is the ability to connect with people. LAN Systems provides IT managed services and solutions to growing companies and non-profit organizations. You can contact Mary at mary@lansystems.com.
