Saturday, October 29, 2022

CYBER SECURITY – Phishing/Smishing

You use strong passwords: 12 or more characters long, with a combination of numbers, letters, and symbols. You make sure to use a different password for each of your accounts, and you store your passwords in a secure password manager.

Plus, you have set your operating system and your software to update automatically for security and other updates from the originator of the software.

You may think that you have all of your bases covered. But there is one other method that cyber criminals can use to get into your online accounts and your computer, tablet, or smartphone. They can go “phishing.”

Phishing is where scammers send you an email or a text message (phishing by text message is called smishing) with embedded links that take you to a website where the scammer collects your personal information, or that download malware that can collect data from your computer for the scammer’s use.

According to the National Cybersecurity Alliance, phishing is the most common cause of data breaches. Phishing exploits a basic weakness of cybersecurity: we human beings.

Phishing attempts employ social engineering techniques to convince you to click on the links in the message. Phishing is an especially important threat for the business world because it can be used to collect intelligence about the company or to manipulate the data that a company stores on its computer network, as in a ransomware attack. Phishing can also target individuals for identity theft.

The social engineering techniques employ one or more of the following elements:

·         They “pretend” to be an organization or someone you know. They will impersonate organizations such as Microsoft, Amazon, Comcast, PayPal, or a major bank like Chase or Wells Fargo. They will format an email to look like it comes from the organization. For an attack on a business, they might make the email/text look like it came from a coworker or a supervisor.

·         The scammer will tell you that there is a “problem” that you need to solve. They may provide a link in the email/text that is supposed to take you to a web page that would help you solve the problem. The web page will try to collect your personal information, such as your ID and password for a specific account, your Social Security Number, or an account number. Scammers who target a business might have you move funds (if you are in the finance department) or ask for certain information. In the meantime, the link could also download malware onto your computer.

·         The scammer will “pressure” you to act fast. They will tell you that the problem needs to be taken care of right away or there could be dire consequences for you.

 

When you receive an email or text message, ask yourself the following questions:

·         Does it contain an offer that is too good to be true?

·         Is the language urgent, alarming, or threatening?

·         Are there many misspellings and bad grammar?

·         Is the greeting ambiguous or very generic?

·         Does it ask for your personal information?

·         Does it pressure you to click on a link or attachment right away?

·         Does it make a strange or abrupt business request?

If the answer is yes to any of the above questions, delete the email/text. If the answer is no to the following question, delete the email/text.

·         Does the sending e-mail address match the company that it says it is coming from?
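An IT department that receives reported messages can apply some of the same questions mechanically. The Python below is an added example, not part of the original post: the brand-to-domain table, the keyword lists, and both sample messages are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand -> legitimate sending domains (illustrative, not exhaustive).
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com"},
    "amazon": {"amazon.com"},
    "wells fargo": {"wellsfargo.com"},
}
# Assumed keyword lists standing in for three of the checklist questions.
URGENT = re.compile(r"\b(immediately|right away|urgent|suspended|final notice)\b", re.I)
GENERIC = re.compile(r"^\s*dear (customer|user|account holder|sir|madam)\b", re.I | re.M)
PERSONAL = re.compile(r"\b(password|social security|account number|verify your account)\b", re.I)

# Constructed sample messages (not real mail).
SAMPLE_PHISH = (
    "From: PayPal Support <service@paypa1-secure.example>\n"
    "Subject: Problem with your account\n\n"
    "Dear Customer,\n"
    "Your account has been suspended. Verify your account immediately.\n"
)
SAMPLE_OK = (
    "From: PayPal <service@mail.paypal.com>\n"
    "Subject: Your receipt\n\n"
    "Hello Jane Doe,\nHere is the receipt for your recent purchase.\n"
)

def sender_matches_claim(from_header):
    """True/False when the display name claims a known brand; None when it claims none."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower():
            # Accept the brand's domain itself or a true subdomain of it.
            return any(domain == d or domain.endswith("." + d) for d in domains)
    return None

def triage(raw):
    """Return the checklist flags raised by one raw email message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    if sender_matches_claim(msg.get("From", "")) is False:
        flags.append("sender-domain-mismatch")
    for label, rx in (("urgent-language", URGENT), ("generic-greeting", GENERIC),
                      ("asks-for-personal-info", PERSONAL)):
        if rx.search(body):
            flags.append(label)
    return flags
```

A mismatch supports the "delete" rule above, but a matching domain is not proof that a message is genuine, because the From header can be forged.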

 

Also, report a suspected phishing email. If it came to your business, report it to your IT department. If it came to your personal email account, you can report it to your email provider, for example:

·         Microsoft Outlook: https://support.microsoft.com/en-us/office/phishing-and-suspicious-behaviour-0d882ea5-eedc-4bed-aebc-079ffa1105a3

·         Gmail: https://support.google.com/mail/answer/8253?hl=en

·         Mac Mail: https://support.apple.com/en-us/HT204759

 

Here are more resources that explain phishing and smishing:

National Cybersecurity Alliance:

https://staysafeonline.org/wp-content/uploads/2020/05/To-Click-or-Not-to-Click-1.pdf

https://20740408.fs1.hubspotusercontent-na1.net/hubfs/20740408/Phishing.pdf?utm_campaign=Cybersecurity%20Awareness%20Month&utm_medium=email&_hsmi=215220112&_hsenc=p2ANqtz-8S2-wU4O8ztw09QrtrGmpaPoD7T9TbiO5Pyg1tOVGtPrI9JNsr8c7w97zAytMDJO8pkOWwe-u5qgfFZ0aMKu3RaSYfrL3XhmV-WJ9wIKy6EbTuKwY&utm_content=215220112&utm_source=hs_automation

https://20740408.fs1.hubspotusercontent-na1.net/hubfs/20740408/CAM_2022_Infographics_Phishing_NOLOGO.pdf?utm_campaign=Cybersecurity%20Awareness%20Month&utm_medium=email&_hsmi=215220112&_hsenc=p2ANqtz-_dKAnZVl1XxHhkRx0PqzuZ58gpvaZW6OZuiZsc1cE3vlDHMU1-hYlSPVbVy3VCbmbQ9hqoHIxzNcPXT6Z3GotYtN6p59N0B_rJhXynYWnHYm8kB1s&utm_content=215220112&utm_source=hs_automation

https://staysafeonline.org/resources/software-updates/?utm_campaign=Cybersecurity%20Awareness%20Month&utm_medium=email&_hsmi=228150127&_hsenc=p2ANqtz-98raGuotQG1srXgV-R3FmsHvnRelgYQpPjwvC9E1e-ryz3GhSTSEJtzCeSW4AOW1_mSmTMjReGvOmxx1DQln5rwweLx9EmLm7-I6-tnh7PJxHN6GY&utm_content=228150127&utm_source=hs_email

 

Ask Leo:

https://askleo.com/phishing_how_to_know_it_when_you_see_it/

https://askleo.com/what-is-smishing/

https://askleo.com/7-signs-of-phishing-to-watch-for/

 

Federal Trade Commission:

https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

 
