Author: Ralph Collum
Date: April 10, 2020
Email and collaborative services (such as Teams and Outlook) are an organization’s primary way to communicate. We use these technologies every day for work, but we also use them to stay in touch with friends and family. With so many people around the world depending on these technologies, they have become one of the primary targets of cyber criminals. We’re zooming in on phishing attacks today to ensure you are armed and ready for these cyber threats.
What is Phishing?
Phishing is a type of attack that uses email or instant messaging to prompt you into taking an action you should not take. Clicking on a malicious link, sharing your password, or opening an infected email attachment are examples of actions a phishing message may try to get you to take. Attackers want to create messages convincing enough to trigger an emotional response, such as urgency or curiosity. These messages may even look like they were sent from someone you know, such as a friend or a trusted company.
How Do I Protect Myself and My Company?
- Create Strong and Unique Passwords – Creating strong, unique passwords is a great way to ensure your services are secure. On each service you use, check whether it offers multi-factor authentication. This feature is an extra step you can take to remain secure.
- Disable Autocomplete and Remember Me Features – If you receive a phishing email that takes you to a site where you are automatically logged in, an attacker could gain access to your account through this convenient feature.
- Always Log Out of Your Email Account – Remaining logged in to your email account may allow attackers to access your account without being prompted to sign in.
- Never Share Highly Sensitive Information – If you receive messages prompting you to share information such as your credit card number, password or any other personal information, don’t share it until you verify credibility. These messages will often look like they’re coming from organizations you trust, such as your bank. Remember, those organizations already know these personal details. Ensure you confirm with your organization that the message is from them by calling before sharing any personal information.
- Don’t Automatically Trust Messages – Be attentive to details such as poor grammar, spelling issues and odd verbiage. These can be red flags showing malicious behavior. Any messages you receive from official organizations asking for personal information should be closely examined and verified before you share any information. Frequently, attackers pose as PayPal or Apple to obtain information.
- Practice Secure Emailing Habits – Email providers have tools that allow you to specify certain email as junk. This feature filters out potential phishing attempts for you. You also want to limit the number of parties you share your email address with. It is a good idea to use a multiple email address system, for example one for junk, one for business/payments and one for personal use.
Ultimately, knowledge and common sense are your best defense. If an email or message seems suspicious or too good to be true, odds are it’s a phishing attack.
To learn more about defending your company and employees from cyber attacks, ask about our CyberSAFE™ class. The class is delivered in a half-day format and covers how to safely protect yourself and your organization from security risks. You’ll also learn how to identify common risks associated with using conventional end-user technology. CyberSAFE™ prepares learners to earn their Certified CyberSAFE™ credential.