The Truth about Phishing

On an almost daily basis we are each hit with another attempt to steal our private information, whether personal or business. And if we aren’t careful, we could inadvertently fall for one of these tricks and have our online identity stolen.

Unfortunately, phishing, a form of social engineering that uses fake email or text messages, is very much on the rise. A Cisco report released in January of this year found that 80% of all reported cyber breaches were a result of successful phishing attempts. While software can help protect you, the best defense is to avoid falling victim in the first place. In other words, the best way to protect yourself is being able to "spot a phish" yourself.

If you're worried whether you've already fallen victim to a phish, then you need to run a Dark Web Scan. Click the link below to request your complimentary Dark Web Scan. If you want to learn more, continue reading to find out how to "spot a phish".

How do I know if an email is fake?

Cyber criminals commonly pretend to be a legitimate business when sending a phishing email, and they have become increasingly adept at making this lie convincing. With the main goal of getting your passwords, account numbers, or other private information, they commonly use the following lies to trick you:

  • Suspicious activity on your account
  • Needing to confirm personal information
  • Fake invoices
  • Problem with your payment and you need to update your information - these typically also include a convenient link to make your payment
  • Offering free products
  • Eligible for a government refund

Here’s a real-world example of a phishing email as shared by the FTC:

[Image: screenshot of the phishing email, styled to look like a message from Netflix]

What is wrong with this picture? While the email visually appears to be from Netflix, with their logo and typical email header, there are a few problems that should raise an alarm:

  • Generic greeting - If you already have an account with Netflix, they wouldn’t send a message with a generic greeting, as they have access to your account information and the name on the account.
  • Misspellings - If you look in the Need Help section, Help Center is spelled with the British English spelling, Centre. Netflix is headquartered in the San Francisco Bay Area and is unlikely to use the British spelling when messaging their customers.
  • Pressure to click a link - The email claims the account is on hold because of a billing issue and asks you to click on a link in the email to update your payment details. While this may be true, the above observations make the email's credibility very doubtful. Never click on a link in an email like this. Instead, go to your web browser, type in "netflix.com", and log in that way to verify the legitimacy of the email.
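The three warning signs above can be turned into a first-pass triage check. The following is an added example, not code from the article or the FTC: the sample message is constructed, and `phishing_indicators`, `host_matches`, the word lists and the `expected_domain` parameter are hypothetical names chosen for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample modelled on the email described above; not a real message.
SAMPLE = """\
From: Netflix <billing@netflix-support.example>
To: user@example.org
Subject: Your account is on hold
Content-Type: text/html

<p>Hi Dear,</p>
<p>We're having some trouble with your current billing information.</p>
<p><a href="http://netflix.account-update.example/login">UPDATE ACCOUNT NOW</a></p>
<p>Need help? Visit the Help Centre.</p>
"""

GENERIC_GREETING = re.compile(r"\b(?:hi|hello|dear)\s+(?:dear|customer|user|member|sir|madam)\b", re.I)
PRESSURE = re.compile(r"on hold|suspended|update (?:your )?(?:account|payment)|confirm your", re.I)
BRITISH = re.compile(r"\b(?:centre|colour|favourite|authorise)\b", re.I)
HREF = re.compile(r'href=["\']([^"\']+)["\']', re.I)

def host_matches(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw, expected_domain, us_sender=True):
    """Return (indicator names, off-domain links) for a single-part email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    found, bad = [], []
    if GENERIC_GREETING.search(body):
        found.append("generic greeting")
    if us_sender and BRITISH.search(body):
        found.append("unexpected spelling")
    for url in HREF.findall(body):
        parts = urlparse(url)
        if parts.scheme in ("http", "https") and not host_matches(parts.hostname, expected_domain):
            bad.append(url)  # brand name in a subdomain label does not count
    if bad and PRESSURE.search(text):
        found.append("pressure to click off-domain link")
    return found, bad

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE, "netflix.com"))
```

These are triage hints, not a verdict: a message that trips none of them can still be a phish, so the advice to type the address into the browser yourself still applies.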

How Can I Protect Myself From Phishing Attacks?

According to the FTC, these 4 steps are the best ways to protect yourself from a phishing attack.

1. Keep your computer up to date - The first line of protection is computer software designed to protect the computer as a whole. If possible, set your computer to auto-update so it always has the most recent security patch.

2. Keep your phone up to date - While these updates may trigger at inconvenient times, that is not nearly as inconvenient as a security breach from out-of-date software on your phone.

3. Enable two-factor authentication - Two-factor authentication means that, in order to log into your account, you not only have to enter your user name and password for the site, but you also need an additional code to log in. For example, when your bank texts you a secret code to log in, that is two-factor authentication. You can find two-factor authentication on many websites including Facebook, Amazon, and more. This slight "extra hassle" for logging in is a huge deterrent for hackers.

4. Back up your data - We have increasingly emphasized the need for this and it is a perfect example of how you can regain data if you do end up breached by a phishing attack. Just make sure the backup isn’t connected to your home network. This means copying your data to a hard drive that isn't plugged into your computer or using cloud storage like iCloud or Google Drive.

Help! I think I’ve been Phished?

If you feel you may have clicked on a phishing link and possibly given your information to a hacker, don't panic. If it was a business account, immediately contact your cyber security provider. If it was a personal account, change the password that was stolen as soon as possible.

Or if you feel that you clicked on a phishing link and inadvertently may have downloaded malicious software onto a work computer, immediately contact your cyber security provider. If on a personal device, run a virus scan and update your computer's security software. (For bonus points and even better security on your personal device, you can set up a local super user. This is also a great idea for those who want to protect their kids on their own computer.)

Protect your Company and Identity with a Dark Web Scan

From text messages about a package from UPS to emails requesting you to update your account information, phishing attempts can come in a variety of shapes. But by following these few steps, you can better protect yourself from phishing and keep your devices and data safe.

If you are worried you may have already been the victim of a phishing attack, you need to run a Dark Web Scan to look for stolen passwords. I am more than happy to help make sure you are safe. Click the link below to request a free Dark Web Scan and protect your identity.

Exceed Cybersecurity & IT Services

We help defense contractors cut through red tape and reduce their bottom line with our distinguished, security-first approach to technology and compliance management for CMMC and NIST 800-171.


More articles by Brian Guenther, CISSP
