We’ve all been targeted by a phishing attack at some point, whether we know it or not. We all receive fraudulent messages that appear to come from a casual contact or even a reliable, well-known source, without knowing the true identity of the sender. These attacks are specifically designed to convince you to click on a malicious link or grant access where access should not be given.
At this point, phishing is widely accepted as a “given” — part of daily online life. However, attackers keep inventing and discovering new ways to social engineer their victims by preying on their natural curiosity, trust, and compassion for others. And today, there are plenty of phishing attempts that aren’t so obvious and can potentially fool even the most careful online users.
Some of the most popular — and seemingly reasonable — phishing emails include fake notices from online payment or internet service providers (claiming there is a “problem” with your account), phony communications from your employer’s IT department (seeking passwords or other sensitive information that somebody can use to gain access to corporate systems and data), and many more.
Spot Phishing Attempts and Defend Your Digital Identity with These Simple Tips:
- Choose your friends wisely. It's solid advice in real life so imagine just how critical it is to follow this advice in the digital world. If you receive a LinkedIn message or Instagram friend request from someone you don’t know, do not respond, accept, or click on any links within the message … which leads to tip #2.
- Don’t click on hyperlinks. Never click on a link from an unverified source. And remember, even emails sent from familiar sources can lead to issues: malware, ransomware and viruses can spread by scanning your device for other email addresses, then sending themselves to those email addresses in messages supposedly “sent” by you.
- Urgent? Not so fast … Many phishing emails and messages attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.
- Step away from that personality quiz — and think twice before you post that update. Sure, social media quizzes are fun, but they’re also an excellent way for attackers to get hold of your personal details. While answering a seemingly meaningless question, you may disclose things like your full name, birthday, employer, etc. The same advice applies to your regular social media posts — think twice before you put too much out there. Cyber criminals can use all your personal information to take advantage of you. What’s more, you could be handing them the answers to your security and password recovery questions.
- Turn off location sharing whenever possible. Attackers can use location-sharing information to create phishing messages that seem very timely and relevant.
- Protect your personal computers and mobile phones. How? By installing antivirus software and personal firewalls on your devices and making sure they’re set for automatic updates. It’s also essential to keep business and personal use separate — especially if you’re working remotely: don’t use your corporate device out of convenience to browse the internet, online shop, scroll through social media or check personal email.
- Take back control of your spam folder. While not every message that falls into your spam filter is a phishing email, many of them are. Take some time this month to clean up your spam folder.
- Protect your online accounts with multi-factor authentication (MFA). The passwords and passphrases you use should be as long and complex as possible — and never used in more than one place. But if you think passwords alone will protect you, think again. Many digital accounts such as email, online banking and social media give you the option of enabling MFA to add an extra layer of protection to the sign-in process. MFA typically combines at least two of the following:
  - Something you know: a password, PIN or answer to a security question
  - Something you have: a mobile device
  - Something you are: a fingerprint or facial recognition