Phishing 101: What You Need To Know About This Security Scam
Psst: CISOs and experts, this is one of our beginner-oriented articles! If you're looking for more advanced material, we recommend a dive into the blog archives!
By now, if you are even moderately online, you’ve heard of phishing–and we’re referring, of course, not to jamming out at Phish concerts but to the much less fun phenomenon of cyber crime in which targets are contacted virtually by someone pretending to be a legitimate person or organization in order to lure them into providing sensitive data and, usually, ultimately money. Scammers will typically use email or text messages to trick people into giving them personal and financial information.
Here at Cybermaniacs, we take phishing security scams very seriously–because they are serious business. Imagine the potential outcome if a bad actor gains access to your personal information, bank accounts, and passwords–you can lose money, intellectual property, access to important accounts, countless hours dealing with the fallout, and even become a victim of identity theft (which thanks to The Office we all know affects millions of Americans per year).
Beyond the personal risks, there are serious repercussions for businesses if sensitive information gets into the wrong hands, and it happens a lot more often than you might think. In fact, if you’ve ever gotten an email from an organization you belong to about a data breach that compromised email addresses and passwords, a breach like that is sometimes the result of someone at that organization falling victim to a phishing scam.
The bad news? Scammers can, unfortunately, be pretty crafty, launching numerous creative attacks that keep up with current trends and organizational information to increase their chances of success.
The good news? With the proper cybersecurity training, tools, and support, you and your team can know what to look for to avoid cyber scams like phishing and not fall victim to these types of crimes. Read on for our best advice to build a metaphorical fortress around your sensitive online information so that not even the smartest of scammers can get through it.
Click, Click, Doom
Let’s break down the phishing basics. There’s almost no way to avoid getting phishing emails (although we highly recommend a strong spam filter), so we instead shift our focus to knowing what kind of messages raise the phishing red flag and how to avoid clicking on the links inside of them. Cybercriminals use this type of attack because it works.
Often, phishing scams will tell a story to try to trick you into clicking on a link or opening an attachment. To do so, they usually set up their message to look like it’s coming from a company or a person you are likely to trust–and they are known to go to great lengths to do this.
One common example is that scammers often go to a company’s LinkedIn page and use the name and title of someone you are likely to trust and open emails from, like a boss or a leader in the company. They might even find and copy this person’s exact email signature so it is hard to tell that you are looking at a scam email and not a legit one.
Another scamming approach is to pretend to be an organization like your bank or utility company, alerting you to suspicious activity and prompting you to log in and reset your info. Once you log in through their fake link, they have your username and password and can wreak havoc.
Scammers take advantage of our fast-paced world and emotional reactions to successfully trick people. If you open an email quickly and it looks legitimate, you may have an emotional reaction before you investigate further. Or, you may be on autopilot and quickly click a link to secure your “bank” account before realizing the email wasn’t actually from your bank at all. It’s important to keep in mind that legitimate companies will never ask for your password or payment information in emails or text messages.
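As an added example (not part of the original post), here is a small Python checker that applies the tells described above to a message: a trusted colleague’s name on an outside mailbox, a link whose visible text and real destination disagree, a request for a password or payment details, and manufactured urgency. The company domain, the contact list and the two sample messages are constructed for the example.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed values for this example: a hypothetical contact worth impersonating,
# plus the phrases that signal a credential request or manufactured urgency.
KNOWN_CONTACTS = {"jane doe": "jane.doe@example.com"}
URGENCY = ("suspicious activity", "immediately", "within 24 hours", "will be suspended")
SECRETS = ("password", "card number", "payment information")
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def _host(url: str) -> str:
    """Hostname of a URL, or '' when the text is not a URL (e.g. link text 'click here')."""
    return (urlparse(url.strip()).hostname or "").lower()


def phishing_red_flags(from_header: str, body_html: str) -> list[str]:
    """Return the red flags found in one message; an empty list means none of these tells fired."""
    flags = []
    name, addr = parseaddr(from_header)
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    # 1. A trusted colleague's display name on a mailbox that is not theirs.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        flags.append(f"display name '{name}' but sender is {addr}")
    # 2. Links whose visible text names one site while the href goes elsewhere, or a
    #    link that does not lead back to the claimed sender's own domain (heuristic).
    for href, label in ANCHOR_RE.findall(body_html):
        href_host, label_host = _host(href), _host(label)
        if label_host and label_host != href_host:
            flags.append(f"link text shows {label_host} but points to {href_host}")
        elif not (href_host == sender_domain or href_host.endswith("." + sender_domain)):
            flags.append(f"link to {href_host} does not match sender domain {sender_domain}")
    # 3. Legitimate organizations do not ask for credentials or payment details by email.
    text = re.sub(r"<[^>]+>", " ", body_html).lower()
    flags += [f"asks for {word}" for word in SECRETS if word in text]
    # 4. Manufactured urgency, designed to get the click before you think.
    flags += [f"urgency cue: '{phrase}'" for phrase in URGENCY if phrase in text]
    return flags


# Constructed sample messages: one impersonating the boss and a bank login, one routine note.
PHISH = ("Jane Doe <jane.doe@example-secure-mail.net>",
         '<p>We detected suspicious activity. Log in immediately at '
         '<a href="http://example-com-login.net/reset">https://example.com/login</a> '
         'and confirm your password.</p>')
CLEAN = ("Jane Doe <jane.doe@example.com>",
         '<p>Agenda for Thursday: <a href="https://example.com/wiki/agenda">wiki page</a></p>')

if __name__ == "__main__":
    for kind, (frm, body) in {"phish": PHISH, "clean": CLEAN}.items():
        print(kind, phishing_red_flags(frm, body))
```

The domain check in step 2 is a heuristic and will flag legitimate mail that routes links through a separate tracking domain, so treat the output as a prompt to verify through another channel rather than a verdict.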
How do we prevent phishing?
Since phishing scammers are getting smarter and smarter, it means we have to stay on our toes too. Here are our top suggestions to prevent phishing:
Educate yourself about cybersecurity. If you are reading this blog, you’re already doing great–congrats (and thank you!). Keep that momentum going. We can help.
Always update your devices. We know, it’s annoying. But much like going to the dentist for cleanings and checkups, it’s a necessary annoyance to keep things running healthily. Life hack: it’s best practice to keep automatic updates on so that you don’t have to think too hard about it.
Use Multi-Factor Authentication (MFA) whenever possible. Having MFA turned on makes it more difficult for scammers and threats to gain access to sensitive information systems, even in the event that passwords are compromised through hacks or attacks.
When in doubt, seek out confirmation. If you get an email or phone call and your phishing spidey senses start tingling, it’s always better to check in and verify. If you get an email from your boss that seems a little suspicious, ask them through another channel (text them, DM them on Slack or Teams, or call them) to see if it’s legit.
If you get a phone call from someone claiming to be from a government agency like the FBI, you can usually find a number on the agency’s official website to call and check whether it’s a scam. A little investigation can go a long way to prevent cyber scams.
Back up your data. If you’re locked out of your physical device by a bad actor, you want to make sure that your data is stored somewhere in case you need to wipe any devices.
Report phishing attempts when they pop up. Flagging scams to the government helps everyone stay safer. Report attempts via the FTC website.
If your team needs cybersecurity support, we’ve got you. We can offer bespoke training that engages employees, assessments to determine your baseline cybersecurity score, and more! Drop us a line to learn more by booking a quick call today. In the meantime, check out our helpful video on Phishing below.