From ransomware to SolarWinds, the cybersecurity space has been as hectic as it has ever been over the last 12-24 months. However, for all of the emerging threats and news that are cropping up on the horizon, phishing — one of the oldest pain points in cybersecurity — is continuing to quietly wreak havoc, and is as big of a threat as it has ever been.
Despite often being overlooked in terms of hype, phishing has been a mainstay in the cybersecurity threat landscape for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing or pre-texting, while 74 percent of US organizations experienced a successful phishing attack last year alone. That means that phishing is one of the most dangerous “action varieties” to an organization’s cybersecurity health. As a result, proper anti-phishing hygiene and best practices are an absolute must.
With that in mind, here are a few quick best practices and tips for dealing with phishing threats.
1. Know the Red Flags
Phishers are masters of making their content and interactions appealing. From content design to language, it can be difficult to discern whether content is genuine or a potential threat, which is why it is so important to know the red flags. Awkward and unusual formatting, overly explicit callouts to click a hyperlink or open an attachment, and subject lines that create a sense of urgency are all hallmarks that the content you received could potentially be from a phisher, and they indicate that it should be handled with caution.
2. Verify the Source
Phishing content comes in a variety of forms. However, many phishers will try to impersonate someone you may already know — such as a colleague, service provider or friend — as a way to trick you into believing their malicious content is actually trustworthy. Don’t fall for it. If you sense any red flags that something may be out of place or unusual, reach out directly to the individual to confirm whether the content is authentic and safe. If not, break off communication immediately and flag the incident through the proper channels.
3. Be Aware of Vishing and Other Phishing Offshoots
As more digital natives have come online and greater awareness has been spread about phishing, bad actors have begun to diversify their phishing efforts beyond traditional email. For example, voice phishing — or vishing — has become a primary alternative for bad actors looking to gain sensitive information from unsuspecting individuals. Similar to conventional phishing, vishing is typically executed by individuals posing as a legitimate organization — such as a healthcare provider or insurer — and asking for sensitive information. Simply put, it is imperative that individuals be wary of any sort of communication that asks for personal information, whether it be via email, phone or chat — especially if the communication is unexpected. If anything seems suspicious, again, break off the interaction immediately and contact the company directly to confirm the veracity of the communications.
Phishing may be “one of the oldest tricks in the book,” but it is still incredibly effective. And although it may be hard to spot when you may be in the midst of a phishing attempt, by exercising caution and deploying these few fundamentals, individuals and organizations more broadly can drastically mitigate the chances of falling victim to a phishing attack.
Learn the Cyber Basics this Cybersecurity Awareness Month
At a time when we are more connected than ever, being “cyber smart” is vital. This year has already seen more than a fair share of attacks and breaches, including the SolarWinds and Kaseya breaches as well as high-profile attacks on the Colonial Pipeline and other critical infrastructure.
Cyber attacks are becoming more sophisticated with more evolved bad actors cropping up each day. Luckily, there are several steps that we can take on a daily basis to mitigate risks and stay one step ahead of malefactors. Here are a few quick tips:
Multi-factor authentication (MFA) adds that necessary second check to verify your identity when logging in to one of your accounts. By requiring multiple methods of authentication, your account is further protected from being compromised, even if a bad actor hijacks your password. In this way, MFA makes it more difficult for attackers using password cracking tools to break into accounts.
Use strong passphrases/password manager
This may seem obvious, but all too often the use of strong passphrases and password managers is overlooked. People spending more time online during the pandemic has certainly contributed to more bad actors prowling for accounts to attack. Using long, complex, and unique passwords is a good way to stop your account from being hacked, and an easy way of keeping track of and remembering your passwords is by using a password manager.
Perform software updates
When a device prompts that it’s time to update the software, it may be tempting to simply click postpone, and ignore the message. However, having the latest security software, web browser, and operating system on devices is one of the best defenses against online threats. So, don’t wait – update.
Do your research
Common sense is a crucial part of maintaining good online hygiene, and an intuitive step to stay safe online is to do some research before downloading anything new to your device, such as apps. Before downloading any new learning app on your device, make sure that it’s a by checking who created the app, what the user reviews say, and if there are any articles published online about the app’s privacy and security features.
Check your settings
Be diligent about double-checking your privacy and security settings, and be aware of who can access your documents. This extends from Google Docs, to Zoom calls, and beyond. For meetings on Zoom, for example, create passwords so only those invited to the session can attend, and restrict who can share their screen or files with the rest of the attendees.
Being cyber smart and maintaining stellar online hygiene is the best way to protect yourself and others from cyber attacks. No single tip is foolproof, but taken together they can make a real difference for taking control of your online presence. Following these tips is also easy, and free. By taking preventive measures and making a habit of practicing online safety, you can decrease your odds of being hacked exponentially – and prevent lost time and money, as well as annoyance.
Data breaches have become a part of modern life in our connected world. Everyone is at risk of potential data breaches and having their data used fraudulently. However, just because there is a data breach, it doesn’t mean you’ll become a victim of identity theft. To avoid any further harm to your online identity, there are certain steps you can take to make sure you contain the threat. These will potentially save your finances, credit score and your identity, keeping them away from criminals.
Here are the steps you need to take right away if you find out that your data has been breached:
1.) Immediately change your password.
Passwords need to be a combination of letters, numbers and special characters. The password needs to be unique to every online account you have. Duplicating passwords gives hackers more chances to access your accounts. Using a password manager can help you store your passwords securely. You also need to change your passwords regularly.
2.) Set up two-factor authentication.
Adding two-factor authentication increases your protection. Companies such as Facebook and Microsoft have these authentication processes in place if you wish to use them. They add an extra layer of security, usually requiring you to enter a code you’ve received via SMS.
3.) Check your credit report and accounts regularly.
Make sure that there is nothing there that is unfamiliar to you. If there is, contact the company straight away and alert them to what has happened; the quicker you act, the less damage is caused. A credit report allows you to view most of your financial information in one place.
4.) Look out for regular updates from the breached company.
They may issue press releases and maintain a feed for the affected parties. For example, users were usually logged out of their Facebook accounts if they were affected in the most recent Facebook data breach. Users should keep up to date with any information regarding the breach by using social media platforms or the company websites. Users may also be notified by email.
Following these steps may result in limiting the amount of damage caused by your leaked data. There are many tools that can alert you to suspicious activity and help protect your personal data, such as Cyberman365. There is also a free service offered by the Federal Trade Commission which offers a recovery plan for when the worst happens. You can find it here: https://www.identitytheft.gov/#/
You may be shocked to discover just how much these sites share about you.
People data sites may contain your current and previous home addresses, relatives, phone numbers, email addresses, neighbors and more. Anybody can visit these sites and look up your personal data.
Cyber and Privacy expert David Derigiotis has created a useful resource to explain how you can opt-out of these data sites.
This is a great first step to start reducing your digital footprint.
The downloadable resource covers the following points and more:
When removing the information from the following organizations, consider creating an anonymous email.
Consider using the following email service providers which offer users a greater sense of privacy.
These two email providers offer a secure email service with built-in end-to-end encryption. With end-to-end encryption, content within the email is not accessible by the company itself when emailing within the network (e.g., ProtonMail to ProtonMail user). Only the communicating users can read the content.
The list is not exhaustive but will provide a good start for reducing your digital footprint. Many of these sites may require your follow up before successful data removal occurs. Please be sure to record the date you initially contact the service and document once removal is verified. Be diligent. Download our guide with links for the websites that are holding your information and where you can opt-out to remove your data.
Scam alert! Despite instant fraud alerts from banks, victims are still authorizing money transfers straight into criminals’ bank accounts with this convincing scam.
This new scam is skyrocketing in Europe and it’s already started growing in the US too.
The report includes a real life case study featuring a regular family who transferred £25,000 out of their account to fraudsters. Find out where they went wrong so you can recognize when you are at risk.
Find out more with Neil Gurnhill’s in depth piece on the topic.
You may feel like there is little you can do to protect your personal data. However, there are steps you can take to learn about how your data is collected, shared and used. Follow these basic privacy tips to help improve how you manage your personal information and make informed decisions about who receives your data.
Tips to protect your privacy:
Personal info is like money: Personal information, such as your purchase history, IP address, or location, has tremendous value to businesses – just like money. Have you ever received something for free? Installed a free app or downloaded an eBook? If so, it’s usually not really free; the cost is access to your personal information. Consider whether the benefit is worth sharing your data.
Keep tabs on your apps. Many apps ask for access to personal information, such as your geographic location, contacts list and photo album, before you can use their services. Be wary of apps that require access to information that is not required or relevant for the services they are offering. Delete unused apps on your internet-connected devices and keep others secure by performing updates.
Check for data breaches. Google Chrome has a super useful feature that alerts you if your accounts have been breached and prompts you to change your passwords. You can also use other sites like https://haveibeenpwned.com/ to see if your email address has been involved in a data breach.