Phishing remains one of the most successful tactics used by hackers to steal sensitive information such as usernames, passwords, and credit card details. In phishing attacks, cyber-criminals disguise an email to make the recipient think it is from someone they trust, and the Department of Homeland Security warns that 97% of people cannot identify a phishing attempt. Read the following IT security tips from the OCR to learn the best cybersecurity strategies to prevent a phishing attack.
The February OCR Cybersecurity Newsletter gives a great explanation of phishing and how to avoid being a victim. The newsletter is reprinted below:
February 2018 OCR Cybersecurity Newsletter: Phishing
Phishing is a type of cyber-attack used to trick individuals into divulging sensitive information via electronic communication by impersonating a trustworthy source. For example, an individual may receive an e-mail or text message informing the individual that their password may have been hacked. The phishing email or text may then instruct the individual to click on a link to reset their password. In many instances, the link will direct the individual to a website impersonating an organization’s real web site (e.g., bank, government agency, email service, retail site) and ask for the individual’s login credentials (username and password). Once entered into the fake website, the third party that initiated the phishing attack will have the individual’s login credentials for that site and can begin other malicious activity such as looking for sensitive information or using the individual’s email contact list to send more phishing attacks. Alternatively, rather than capture login credentials, the link on the phishing message may download malicious software on to the individual’s computer. Phishing messages could also include attachments, such as a spreadsheet or document, containing malicious software that executes when such attachments are opened. Phishing is one of the primary methods used to distribute malicious software, including ransomware.
Spear-phishing is a highly targeted form of phishing in which the scammer focuses on carefully selected recipients, making it extremely difficult to detect. A new study shows that 77% of phishing emails target ten mailboxes or fewer, meaning scammers are becoming increasingly laser-focused in their attempts.
Individuals must remain vigilant in their efforts to detect and not fall prey to phishing attacks because these attacks are becoming more sophisticated and harder to detect. Phishing attacks take advantage of popular holidays by impersonating messages from shipping vendors and ecommerce sites. Similarly, phishing attacks regarding tax refunds are common during tax season (March and April). A specific type of phishing attack, known as spear phishing, targets specific individuals within an organization. For example, a spear phishing attack could target an individual in the IT, accounting or finance department of an organization by impersonating the individual’s supervisor and directing the individual to a malicious website or to download a file containing a malicious program. One of the primary methods of combating phishing attacks of all kinds is through user awareness. OCR included information on cybersecurity training and awareness programs in its July 2017 newsletter.
Tips to avoid becoming a victim of a phishing attack include:
For more information on phishing, here are some resources to check out:
Sources:
Article reprinted from the February 2018 OCR Cybersecurity Newsletter.