Project Management

Protecting Against Phishing Is Everyone’s Responsibility. Follow These Best Practices.

From the Succeeding With Best Practices and Methodologies Blog
In this blog, I share my expertise on how to excel at the enterprise, department, portfolio, program, project and personal levels—including guidance on running a project; reaching strategic alignment with business operations; mindfulness; responsibility; growth in personal development and more.



This email is legit. It has my info and is asking me to verify my account.

The email is from my boss.

The website has “https” protocol and padlock icon. It is safe.

I must respond right away.

Right?

People have come to respond automatically to emails from their bosses or their friends, and to click on time-sensitive deals. After all, a dollar saved is a dollar earned.

Generic salutations, misspellings or wrong domains within a link are clear signs that the email is not legitimate.

However, there are malicious actors who are not fishing but are phishing when they send emails and host malicious websites.

Malicious actors craft their phishing campaigns to use shortened URLs, such as http://tinyurl.com/YouCanTrustUs, as a means of fooling Secure Email Gateways (SEG).

If you receive a suspicious email with a link from a known contact, don’t just click on the link. First confirm that the email is legitimate by calling or emailing the contact, and do not reply directly to a suspicious email.

Phishing usually arrives in an email from a recognized sender.

Many attackers attempt to evade detection by email filters by incorporating legitimate links into their deceptive phishing emails.

When surfing the web, people have come to rely on websites whose addresses start with “https” and show a padlock icon in the address bar, and they feel secure as they browse the internet.

HTTPS (Hypertext Transfer Protocol Secure) is an extension of the Hypertext Transfer Protocol. It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL).

However, the protocol does nothing to ensure that the site itself is not under the control of bad actors.

The Next Level of Phishing Is Spear Phishing

Spear phishing is a more customized email attack that uses the proper salutation and the target’s name, position, company, and other information in an attempt to trick the recipient into believing that they have a connection with the sender. Attackers construct emails with legitimate contact information that instruct recipients to click on a link in order to rectify a discrepancy with their account. In actuality, the link redirects to a website designed to impersonate a vendor’s login page. That website collects login credentials from the victims when they try to authenticate themselves and sends that data to the attackers.

To Defend Against Deceptive Phishing

In an email, look out for generic salutations, grammar mistakes and spelling errors.

Think before you click. Inspect URLs carefully by hovering over links that you are unsure of before clicking on them. Do they lead where they are supposed to lead?

Most popular Internet browsers can be customized with anti-phishing toolbars. These toolbars run quick checks on the sites that you are visiting and compare them to lists of known phishing sites.

Keep your operating system up to date with security patches.

Check your online accounts regularly to make sure no one has compromised them.

Change your password frequently.

Use two-factor authentication.

Never share personal or financially sensitive information over the Internet. It could be used against you in a crafty email.

Antivirus software is a must. Antivirus software uses special signatures that guard against known technology workarounds and loopholes. Keep your software up to date. Anti-spyware and firewall settings should be used to prevent phishing attacks. Firewall protection prevents access to malicious files by blocking the attacks. Antivirus software scans every file that comes through the Internet to your computer, which helps to prevent damage to your system.
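The "think before you click" check and the shortened-URL warning above, written as a small script (an added example, not part of the original post): it lists links whose real host is a URL shortener, lies outside the domain the reader expects, or differs from the host shown in the link text, and it never treats "https" as proof of legitimacy. The shortener list, the `example.com` domain and the sample message body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumptions: sample shortener list; constructed message body with placeholder hosts.
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}
SAMPLE = """<a href="http://tinyurl.com/YouCanTrustUs">Special deal</a>
<a href="https://example.com.login-check.test/verify">https://www.example.com/verify</a>
<a href="https://www.example.com/help">Help center</a>"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each http(s) <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith(("http://", "https://")):
            self._href, self._text = href, []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercase hostname of a URL-like string, or '' if it has none."""
    if "://" not in value:
        value = "//" + value  # lets urlsplit parse text such as 'www.example.com/x'
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:
        return ""

def review_links(html, expected_domain):
    """Return (href, [notes]) for links a reader should not trust at a glance."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host, shown, notes = host_of(href), host_of(text), []
        if host in SHORTENERS:
            notes.append("shortened URL hides the real destination")
        elif host != expected_domain and not host.endswith("." + expected_domain):
            notes.append(f"goes to {host}, not {expected_domain}")  # scheme is ignored
        if "." in shown and " " not in text and shown != host:
            notes.append(f"text shows {shown} but link goes to {host}")
        if notes:
            findings.append((href, notes))
    return findings
```

Calling `review_links(SAMPLE, "example.com")` reports the shortened link and the look-alike host, and leaves the genuine help link alone.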

 

You don’t have to live in fear. By keeping these tips in mind, you should be able to enjoy a worry-free online experience.

 

#Security

#Phishing

#OrganizationalCulture


Posted on: December 21, 2020 07:00 AM | Permalink

Comments (5)

Jean-Claude Greco Sierre, Valais, Switzerland
Thanks for sharing

Abolfazl Yousefi Darestani Manager, Quality and Continuous Improvement| Hörmann-TNR Industrial Doors Newmarket, Ontario, Canada
Thanks for sharing

QiAn Li Suzhou, China, Mainland
Thanks for sharing

XinXin Wang asiainfo| asiainfo Hohhot, Bj, China, Mainland
Thanks for sharing

Paphatpisit Klinklan Regional Sourcing and Operation Manager| Krones (Thailand) Co., Ltd Samutprakan, Thailand
Thanks for sharing
