What is PHISHING?
Phishing is an attack vector used by cyber criminals to trick you into sharing or giving up personal information or taking an action by clicking on a link. Phishing originally described email attacks that would steal your online username and password. However, the term has evolved and now refers to almost any message pretending to be from someone or something you know, such as a friend, your bank or a well-known brand.
The messages then entice you into taking an action, such as clicking on a malicious link, opening an infected attachment or responding to a scam. Cyber criminals craft convincing-looking emails and send them to millions of people around the world. The criminals do not know who may fall victim. They simply know that the more emails they send out, the more people they will have the opportunity to dupe. In addition, cyber criminals are not limited to email; they also use other channels such as instant messaging on WhatsApp, Skype or Facebook, or social media and blog posts.
SPEAR PHISHING ON THE RISE
Unlike phishing, where random emails are sent to millions of potential victims, with spear phishing, cyber attackers send targeted messages to a few select individuals. Cyber attackers take time to research their intended targets, such as by reading the intended victims’ LinkedIn or Facebook profiles or any messages they posted on public blogs or forums. Based on this research, the attackers then create a highly customized email that appears relevant to the intended targets. This way, the individuals are far more likely to fall victim.
WHY SHOULD I CARE?
You may not realize it, but you are a phishing target all the time based on your profile. You and your devices are worth a tremendous amount of money to cyber criminals, and they will do anything they can to hack into them. YOU are the most effective way to detect and stop phishing. If you identify an email you think is a phishing attack, or you are concerned you may have fallen victim, contact the security team immediately.
To learn more about phishing or to request a demo, please visit www.summitcl.com/security.
- Check the email addresses. If the email appears to come from a legitimate organization, but the “From” email address shows a different domain, this is most likely an attack. Also check the “To” and “CC” fields. Is the email being sent to people you do not know or do not work with?
- Be suspicious of emails that use a generic salutation. If a trusted organization has a need to contact you, they should know your name and information. Before clicking on links within the email, first hover your cursor over the links to confirm the accuracy of the URL.
- Be suspicious of grammar or spelling mistakes; most businesses proofread their messages carefully before sending them.
- Be suspicious of any email that requires “immediate action” or creates a sense of urgency. This is a common technique to rush people into making a mistake. Also, legitimate organizations will not ask you for your personal information.
- Be careful with links, and only click on those that you are expecting. Also, hover your mouse over the link. This shows you the true destination of where you would go if you clicked on it. If the true destination is different than what is shown in the email, this is an indication of an attack.
- Be suspicious of attachments. Only click on those you are expecting.
- Be suspicious of any message that sounds too good to be true. (No, you did not just win the lottery!)
- Just because you got an email from your friend does not mean they sent it. Your friend’s computer may have been infected or their account may be compromised. If you get a suspicious email from a trusted friend or colleague, call them on the phone.