The Truth about Phishing

The Truth about Phishing?

It seems like every day we are hit with another attempt to steal our private information, both personal and business.?And if we aren’t careful, we could inadvertently fall for one of their tricks to get us to give them access to our online accounts, and therefore, our online identity.?

And unfortunately, phishing, which is a form of social engineering that uses email or text messages designed to make you give them your information, is on the rise.?A Cisco report released in January of this year found that 80% of all reported cyber breaches were a result of successful phishing attempts.?While software can help mitigate the effects of a phishing attack by notifying you at the first hint of malicious traffic, the best protection is to avoid falling victim in the first place.?

How do I know if it is a phishing attempt??

These scammers have become increasingly adept at finding ways to convince us that the message is, in fact, from the business they are trying to represent.?With the main goal of getting your passwords, social security numbers, or account numbers, they usually include the following:?

• There has been suspicious activity on your account
• You need to confirm your personal information?
• Fake invoices?
• Problem with your payment and you need to update your information - these may also typically include a convenient link to update make your payment?
• Offer free stuff?
• Or eligible for a government refund?

Here’s a real-world example of a phishing email as shared by the FTC:?

What is wrong with this picture??While the email visually appears to be from Netflix with the use of their logo and typical email header there are a few problems:?

• The greeting is generic.?If you already have an account with Netflix, they wouldn’t send it out with a generic greeting as they would have access to your account information and name on the account.?
• Misspellings.?If you look in the Need Help section, Help Center is spelled with the British English spelling of Centre.?Netflix is headquartered in the San Francisco Bay and is unlikely to use the British moniker when messaging their customers?
• The email claims the account is on hold because of a billing issue and asks you to click on a link in the email to update your payment details.?While this may be true, the above observations would make the credibility of the email very suspicious.?Never click on a link in an email like this. Instead, go directly to Netflix from a browser and log in that way to verify the legitimacy of the email.?You can also hover over the link to see what the URL is.?Typical phishing links will include a misspelling of the business (such as go0gle) or maybe prepended or extended with extra characters.?

How Can I Protect Myself From Phishing Attacks?

According to the FTC, these 4 steps are the best ways to protect yourself from a phishing attack.?

1. The first line of protection is computer software designed to protect the computer as a whole.?Make sure you set it to auto-update so your computer always has the most recent version of protections as scammers constantly work to find ways around these systems.?

2. Automatically update your mobile phone.?While these may trigger at inconvenient times, it is not quite as inconvenient as a security breach from non-updated software on your phone.?

3. Enable two-factor authentication when possible.?Two-factor authentication means that in order to log into your account, you not only have to enter the user name and password with the site, but they also will send a text message or email or phone call with another code to enter before they will give you access.?Many account providers that deal with sensitive information (and even some that don’t) have begun to require this extra layer of protection, but if they do not, see if and how you can enable it for that account.??

4. Repeat after me.?Back up your data.?We have increasingly emphasized the need for this and here is another example of how you can regain data if you do end up breached by a phishing attack.?Just make sure the backup isn’t connected to your home network.?Some way you can do this is to copy it to an external hard drive or cloud storage.?This goes for your phone as well.??

Educate Yourself on Phishing and Stay Safe Online?

Phishing attempts can come in a variety of ways. From the text message claiming to have a package for you from UPS to the email telling you your account has been breached and you need to update your information. But by following these few steps, you can help avoid phishing scams altogether and keep your devices and data safe.

?If you're reading this and aren't sure if you're protected, schedule a free consultation with A2Z Business IT.???