We Still Keep Getting Hooked With Phishing. Just Stop Clicking!
May 1, 2018
You hear about phishing all the time. Unfortunately, no matter how often we hear the term and what it involves, a large portion of people still fall victim to it. In fact, a recent report by Baker Hostetler found that people falling victim to phishing is, for the third year in a row, the leading cause of data security events. So, if we hear about it so much, why do we still keep getting hooked?
One explanation is that we really don’t know what it is. Well, then we will tell you. It’s a type of social engineering that tricks someone into performing a task, such as clicking a link or opening an attachment in an email that turns out to either be malicious or request sensitive information, usually unbeknownst to the user. Very often (though certainly not always), the information requested includes online banking credentials or login information for some significant site, such as PayPal.
Phishing messages often seem to come from a reputable source, such as your financial institution, a large technology company, a delivery organization (such as FedEx), or a vendor or partner of your organization. Sometimes they come from completely unknown senders. There is no template or standard anymore, so it’s always important to be aware that at any given time, someone could be trying to hook you.
It’s also important to note that those perpetrating phishing attacks are always shifting tactics and coming up with new ways all the time. They are not limiting phishing to email, either: they are using text messaging (smishing) and the telephone (vishing) more and more.
Whoever may send the message, there are some clues to identifying these phishing hooks:
- There is a generic greeting. It’s addressed to a group or just “Member,” for instance.
- It comes from an unknown sender and includes a link or attachment.
- There is a button making it easy to log in to “your account.” Often the message claims you need to verify details.
- There is a request for sensitive information that you normally would not provide.
- It attempts to convey a sense of urgency, claiming something “bad” will happen if you don’t click or respond right away.
- There are typos or it just isn’t written professionally.
- It comes from someone you know and includes links or attachments, but is unexpected or seems generic or strange.
How to avoid ending up as today’s catch:
- Just don’t click links or attachments in email unless you are 100% sure they are safe and were meant to be sent to you.
- Keep security software updated at all times.
- Use multi-factor authentication (MFA) when it’s available for any account.
- Don’t send sensitive information in email. It just isn’t safe in most cases.
- If you need to verify account details, log into your accounts directly using pre-saved links or addresses you know are secure. Don’t click buttons or links to do this.
- If you have questions, respond by finding a phone number on the organization’s website. Don’t call one provided in the email or hit the reply button.
By following these tips and trusting your sixth sense, you can often avoid becoming the attacker’s next catch.