Phishing with a “P”

May 4, 2018

Phishing with a “P”

Many hackers today are using complex phishing tactics to get confidential information or install malware to unsuspecting victims.  Once this is accomplished it is often difficult and time consuming to sort through the damage done by malware and hacked accounts.  Even worse in some cases ransomware is installed and the hijacker will try to extort money from businesses.

Visit our YouTube page to view our video on Phishing –> https://www.youtube.com/watch?v=8pJSth_oh4E

Why should I be concerned?

           Sophisticated phishing schemes can be almost undetectable.  It is easy for a hacker to learn about your social profile online and use information gathered to their advantage.  For example, by reviewing your Fantasy Football activity a perpetrator can learn your favorite teams as well as your win/loss record.  They can use this information to orchestrate a phishing attack after you win.  Imagine getting an email congratulating you on a win and then telling you to “click here” to get a few additional points – seems about right?  Besides, who doesn’t want a few extra points in Fantasy Football?  Bottom line is it is very easy for an attacker to find enough information to appear legitimate when sending emails.

Definitions:

Spear Phishing – Fraudulent practice of sending emails to specific individuals that appear to be from a legitimate source to obtain confidential information. They sometimes can contain personal information gained through online research

Whale Phishing – A phishing attack aimed at a large number of people typically to gather information, or install malware on individuals that click the links within the email.  Usually consists of general information that may, or may not, be accurate to everyone

Malware – Any malicious software designed to damage or disable computers and their operating systems

Ransomware – Malware designed to extort money from computer users

How do I avoid phishing attacks?

  • Don’t click links in emails if they seem even a little bit “phishy” no matter how tempting
  • If you receive a questionable email, call to verify information before following instructions. This is especially important in business related matters when they email might appear to come from a colleague or leader at your company
  • Implement training for your employees so that they are educated on the topic of phishing, what to do if they believe there has been a phishing attack on a company computer and company policies surrounding email practices

Knowing the basics about phishing and being mindful when reading emails will go along way to avoiding attacks.

 

Leave a Comment: