You are very much aware that your company or organization is at risk, every minute of the day, from cyberattacks, malware, ransomware, and even benign errors that can put your data at risk. Even a failed backup procedure could mean a loss of critical company and customer data. In today’s blog we’re just going to review one of the most common methods that bad actors use to try to gain access to your data: phishing. Phishing isn’t a particular type of malware or virus that attacks your data. Instead, it refers to the tools cybercriminals use to get access to your data. Phishing, as the name suggests, is the act of dangling bait in front of you (the fish) in the hope that they (the criminal) will get a nibble and ultimately have you hooked and in the boat. The bait or lure they use can be very intriguing. It will often seem like an emergency or something you need to take action on now! But it’s all a trick.
In phishing attacks, cybercriminals generally send a web link that is disguised to look genuine and prompt the receiver to share information that will then be misused. For example, an email may be sent to you that looks as though it came from your bank or the IRS, announcing a tax refund that your business is eligible to receive. You may be asked to log into your bank account or a fake IRS site and enter your bank details to receive the refund or download a receipt. The cybercriminals will have access to any details you share and can later use them to clear out your bank account.
Phishing links may also lead to clone websites. Clone websites, as the name suggests, are websites that look strikingly similar to the original websites but are not the same: they are controlled by cybercriminals and used to steal data from unsuspecting victims. Here are a few tips to help you identify clone websites and steer clear of them.
If you receive an email with a link to a familiar website asking you to log into the site or enter your personal information, cross-check the URL. Check the spelling and domain. For example, www.amazon.com is the right URL, whereas a clone website may have a URL that looks similar but is not the same, such as www.amaazon.com or www.amazon-offer.com. Another thing you can do is always type the URL you intend to visit yourself. For example, if you are being asked to log into your bank account, type your bank’s website address instead of clicking on the link provided to you in the email.
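The URL cross-check described above can also be automated, for example in a mail filter or a link-review script. The following Python code is an added example, not part of the original post; the `TRUSTED` allowlist, the function names and the distance threshold of 2 are assumptions, and the sample URLs are the ones used in the text.

```python
from urllib.parse import urlsplit

# Assumed allowlist: the domains your organization really uses.
TRUSTED = {"amazon.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host in a link."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse a bare "www.example.com"
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for domain in TRUSTED:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Simplification (assumption): the last two labels are the registered domain.
    registered = ".".join(host.split(".")[-2:])
    for domain in TRUSTED:
        brand = domain.split(".")[0]
        if edit_distance(registered, domain) <= 2:
            return "lookalike"  # misspelling, e.g. one extra letter
        if brand in host:
            return "lookalike"  # brand name embedded in a different domain
    return "unknown"

if __name__ == "__main__":
    # Sample links taken from the text above, plus one unrelated host.
    for link in ("www.amazon.com", "www.amaazon.com",
                 "www.amazon-offer.com", "https://www.example.org/"):
        print(f"{link:28} {classify(link)}")
```

A result of `unknown` only means the host resembles nothing on the allowlist; it is not a statement that the link is safe.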
Sometimes phishing attacks can be manual as well. Instead of asking you to enter your personal information in a website or a form, the cybercriminal may pose as someone you know, send you an email from an address that looks authentic, and try to get money or personal information from you. Such attacks usually happen if your network or that of your recipient has been compromised in a hacking attack, giving the cybercriminal some information that they can use to make their messaging sound genuine.
Phishing techniques have advanced over the years, and it’s entirely possible for anyone to fall for these attempts. Nobody is immune. Here are a few tips to help minimize your risk:
1. Train yourself and your staff to recognize the signs of phishing attempts.
2. Verify email requests. It doesn’t take much to double check the source of emails that are demanding you take action.
3. Listen to your instincts. If an email message seems odd, follow that feeling and take known safe measures to validate.