Phishing is a serious crime. In 2020, the Federal Bureau of Investigation shared a Public Service Announcement about the rise in fraud schemes related to the COVID-19 pandemic. There were a large number of phishing emails asking people to verify personal information in order to receive an economic stimulus check from the government. There has been talk in the news around this topic, but government agencies are not sending unsolicited emails asking for private information in order to send money.
The FBI has also reported fake Centers for Disease Control and Prevention (CDC) emails or other organizations claiming to offer information on COVID-19. The links and attachments within these emails deliver malware to your computer to steal your personal information or lock your computer so hackers can demand large sums of money in order for you to take back control.
Can you imagine this happening to you and your business? If you or your employees don't know what phishing is or how to protect yourself, something like this could potentially happen to you. Let’s dive into the details of phishing and what you need to know.
What is Phishing?
Phishing.org defines phishing as, “a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.” Allowing hackers to gain such information may result in identity theft or financial loss, and we know neither of those aren’t on your bucket list for 2022. So, what can you do?
Identify Common Techniques Cybercriminals Use
The world of technology is ever-evolving, which means cybercriminals are consistently creating new phishing techniques. Below are three common techniques with examples to keep you on the lookout.
Sense of Urgency - There’s nothing like an email that pops in your inbox three minutes before 5:00 P.M. stating, “Your bank account will be suspended in five minutes due to an expired password. Update your password now.” Oh no! The bank is about to close, and you need your money. It’s date night and you’re paying. There’s no time to call, so you better update it now, right? Wrong. Your bank wouldn’t send you an email with a link to update your password, especially one that short. The notification would be shown when you open your bank account app or login from your bank’s website. This email is the work of cybercriminals. Keep in mind, no date night is worth the amount of money you could lose from hackers gaining access to your bank account.
Hyperlinks - A free trip to Universal Studios in Orlando sounds pretty rad - Jurassic Park all the way - but why you? We know you’re a lovely human being who deserves a free trip to Universal Studios, but what are the chances of that really happening without entering some sort of drawing? Rate that possibility from 1 to 5 with 1 being “not likely” and 5 being “Of course it’s free! I’m awesome and you don’t know what you’re talking about.” Unfortunately, we’ll have to rate that a 0. Always hover over the hyperlink. In this instance, the hyperlink is www.universelorlando.com. The misspelling is a giveaway. Universal Orlando knows how to spell their own name, so don’t click the link, no matter how much you want to see those dinos!
Attachments - It’s your coworker Johnny’s birthday on Friday and you know your coworker Susan is planning a surprise birthday party at the office. On Tuesday, you receive an email from firstname.lastname@example.org titled: “John Doe’s Surprise Birthday Party - Invitation and Details Attached!!” Do you click on the attachment titled “John’s Big Surprise?” No, because you notice two suspicious things right off the bat. One, that’s not Susan’s work email and two, Susan would never title anything “John’s Big Surprise.” The whole office has called John “Johnny” since day one. Why would she go back to John? She wouldn’t. The email sender isn’t Susan - it’s a phish! The attachment could contain ransomware or other viruses, so report it as a phish to your security team and let your coworkers know. It might spoil Johnny’s surprise birthday party, but it’s better to be safe than sorry.
How to Protect Yourself
The Federal Bureau of Investigations (FBI) takes cybercrime seriously and they want to make sure you and your business stay safe. They’ve identified six ways to protect yourself from the destructive work of cybercriminals:
- Remember that companies generally don’t contact you to ask for your username or password.
- Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing) and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
Even though you know what phishing is, what the common techniques are, and know how to protect yourself, you may still be a victim of a phishing attack. We understand, it happens. Do you know how to report it? There are two ways you can go about this. One, you can report the email as a phish to your security team, and two, you can report the phishing attempt (or if you’ve been a victim of a phish attack) by filing a complaint with the FBI’s Internet Crime Complaint Center (IC3).
At Involta, we want to keep you and your business safe from cyberattacks of all kinds. There’s never a time when you can say, “it won’t happen to me.” Chances are, it will happen to you, which is why you need to stay up to date with the latest cybersecurity news and know how to keep your business secure. Contact us today for more information around security and how we can help your team Get There.