Avoid Phishing scams - beware of suspicious emails and phone calls
Phishing scams are a constant threat - using various social engineering ploys, cyber-criminals will attempt to trick you into divulging personal information such as your login ID and password, banking or credit card information.
• Phishing scams can be carried out by phone, text, or through social networking sites - but most commonly by email.
• Be suspicious of any official-looking email message or phone call that asks for personal or financial information.
What is phishing?
Merriam-Webster - Definition of phishing
: the practice of tricking Internet users (as through the use of deceptive email messages or websites) into revealing personal or confidential information which can then be used illicitly.
There are different phishing campaigns.
Email phishing or ‘bulk’ phishing - is the most common way to deliver phishing campaigns. The messages are delivered through email and are not personalized. Typically, the emails impersonate banks, financial services companies or email and cloud services companies (Microsoft, Google, etc.).
Spear Phishing–is when an attacker directly targets an individual or company with a tailored communication. The attack can use email, text messaging, or social media.
Whaling – is a spearfish attack directly against an owner or executive with a message tailored specifically for them.
CEO fraud - is effectively the opposite of whaling; it involves the crafting of spoofed emails purportedly from senior executives with the intention of getting other employees at an organization to perform a specific action, usually the wiring of money to an offshore account.
Vishing or voice phishing - is the use of the telephone to conduct phishing attacks. Attackers will dial a large quantity of telephone numbers and play automated recordings - often made using text-to-speech synthesizers - that make false claims of fraudulent activity on the victim's bank accounts or credit cards. The victim is then directed to call a number controlled by the attackers, which will either automatically prompt them to enter sensitive information to "resolve" the supposed fraud, or connect them to a live person who will attempt to use social engineering to obtain information
Smishing or SMS phishing - is conceptually similar to email phishing, except attackers use cell phone text messages to deliver the "bait". Smishing attacks typically invite the user to click a link, call a phone number, or contact an email address provided by the attacker via SMS message.
How can you protect your business from phishing attacks.
• Employee education and training. Train user to spot suspicious emails, texts, phone calls and social media.
• Look out for suspicious emails, check spelling of links (URLs) in emails before you click.
• Protect your phone by setting it to automatic updates.
• Protect usernames and passwords by using multifactor authentication and strong passwords
• Implement email security technology that protects against phishing emails.
• Keep your software up to date.
• Make sure you have backups, and they are running properly.
BounceBack Solution is a cybersecurity company focused on providing cybersecurity solutions.
Cybersecurity tips sourced from UC Berkeley