In an age where e-mail reigns as the major form of communication, people are finding more creative ways to obtain your personal information and attack your computer security. Technology evolves, and so do the minds of those devising email attacks. This is why many of us get hooked by “phishing” emails.
What is Phishing?
Webopedia defines Phishing as “the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.”
The best way to reduce the risk of having an employee succumb to a phishing attack is by having a comprehensive cybersecurity strategy in place. The cybersecurity services we offer provide automatic threat response and containment, security awareness training, and proactive threat hunting.
Spear Phishing is another form of computer security attack
Phishing attacks that are directed at someone in a more personal manner, rather than at millions of recipients, are also known as Spear Phishing because they aim at a particular target. These are more difficult to identify as malicious because many times you will see a lot of information that ‘looks’ legitimate. It may contain information that is relevant to your job or to a company or service you use.
You may receive an email that says it is from a company you have done business with or even your bank. It may be addressed to you by name and say that a recent transaction could not be completed and to “please click the link below to get more information.” Once you click the link, however, the intended damage may already be done without your being aware that the link was malicious. It could also go further by taking you to a website that looks safe and asks for personal or account information.
Be Aware of Attachments
Another popular example that would be common in the workplace is someone sending you a ‘secure’ attachment to download or unzip. These types of attacks work similarly to the one above: you think you are unzipping a secured file when in fact it is an executable file that will harm your system and possibly others.
If your employees inadvertently download malicious files, your entire network is at risk. How will you maintain business operations if your files are inaccessible? Having a disaster recovery plan in place that provides business continuity is a critical step in protecting your business from a phishing attack.
How to Prevent Computer Security Attacks
So how do you not take the bait? There are several precautions you can take that will make you a harder catch.
Bad spelling can indicate phishing
Look for bad spelling and grammar. While sometimes subtle, these can be the best indicators.
Be wary of any hyperlinks that they instruct you to click on. One way to see if a link is suspicious without actually clicking it is by moving your mouse cursor over the link. If you’re using a webmail client like Yahoo Mail or Gmail, look at the bottom right corner of your browser. This will show you the web address the link will take you to if you were to click on it. Take care in reviewing the spelling of these as well. Some have been known to omit a letter to look close to the real thing. For example: “www.microsoft.com” vs “www.micrsoft.com”. Pretty sneaky, yes?
Don’t offer personal information
Be very cautious of an email that is asking for any personal information. Legitimate companies will not do this via email unless you are actively purchasing something from them or registering for an account. Legitimate Web sites use Secure Sockets Layer (SSL) or other security technology to help protect the personal information that you enter when opening a new account and when signing in to the site thereafter.
Security is indicated on your browser’s status bar by a lock icon. Additionally, the Web address is preceded by https:// (note the “s” after http which stands for secure) instead of the usual http:// in the browser’s Address bar.
Tips for Improving Your Computer Security
With all this in mind, here are a few rules of thumb to help you in the future:
- Don’t click links in emails that look suspicious.
- Do not download attachments from people you don’t know.
- Never reply to emails that request personal information.
- You can also help by reporting any phishing attempts to [email protected].
Having an experienced IT services partner will shore up your business operations to help prevent and mitigate cyber attacks and lost revenue. Nutmeg Consulting has the advanced technology solutions to help you prosper. If you’d like more information on preventing phishing attacks, download our guide 10 Reasons SMBs Need Better Cybersecurity.