The Cyberattack Series: Phishing

Justin Wu
Published in The Startup · 4 min read · Sep 23, 2019
Source: https://cdn.nextgov.com/media/img/upload/2018/10/02/100218cyberattacksNG/860x394.jpg

As our use of the internet and its accompanying technologies skyrockets, the avenues through which we are vulnerable also grow exponentially. From small attacks such as hacking a printer through its Wi-Fi, to large-scale commercial attacks aimed at disruption, it’s important to stay aware of how we can secure our data.

To this end, in this article I will be covering one of the most common cyberattacks and some best practices to prevent it. While these methods aren’t necessarily fool-proof, they can greatly reduce your chances of being the next victim.

What is it?

Source: https://blog.malwarebytes.com/wp-content/uploads/2018/09/shutterstock_749866270-900x506.jpg

Phishing is one of the most common cyberattacks out there, if not the most common; but what is it? At its core, phishing is a social engineering attack in which the attacker attempts to trick the user into performing some form of action. This can include a variety of tasks, including:

  • Clicking a spoofed link that looks almost identical to the real one, or that hides behind a shortened URL:
    Normal Link: https://example.org
    Spoofed Link: http://examplee.org
  • Downloading a file or folder that may contain malicious software
  • Handing over personal information such as your bank account or social security number

In most cases, these actions will involve sharing personal information or downloading some file or software onto your device.

How does it work?

How do these attackers get you to perform any of these tasks? Social engineering is the act of psychologically manipulating someone in order to obtain something. In the case of phishing, these attacks come in multiple forms, all centering on a trusted individual or institution. It could be as small as an attacker posing as your co-worker asking you to help them with an urgent issue, or as large as the attacker spoofing your bank and tricking you into thinking your bank account has been compromised.

Source: https://www.ezcomputersolutions.com/blog/wp-content/uploads/2018/08/chase-phishing-link-hover2_jpg.jpg

A seemingly inconspicuous email from your bank asking you to reset your password can easily mask an attempted phishing attack. The attacker might spoof a website that looks almost exactly like your bank’s website, except that when you enter your username and password, the attacker now has your credentials.

Prevention

So how do you prevent it? Some phishing attacks are blatantly obvious: poor grammar in the email, no logo, a link that clearly doesn’t match. But some are so cleverly disguised that if you’re only briefly looking through your email, you won’t even notice.

In the case of banks or larger institutions, if you are truly a victim of fraud you’re more likely to get a call from an unknown or 1–800 number, or to have mail sent directly to your permanent address, than to receive an email.

ALWAYS take any email you receive with a grain of salt. First, make sure the sender’s address matches the institution or acquaintance and that no discrepancies exist. Next, if the email contains a link, the first tell-tale sign is the link itself: does its domain match the institution? If so, is the link HTTPS or HTTP?
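The two link checks described above (does the domain match the institution, and is it HTTPS) can be automated. The following is an added example, not code from the original post; the trusted domain list is constructed, and the two-label domain reduction is a simplification of what a Public Suffix List lookup would do.

```python
"""Flag suspicious links in an email: wrong scheme, lookalike domain, unknown domain."""
from urllib.parse import urlsplit

# Constructed allow-list: the registered domains the institution actually uses.
TRUSTED_DOMAINS = ("example.org", "example.com")


def registered_domain(host: str) -> str:
    """Reduce a hostname to its last two labels ('login.example.org' -> 'example.org').

    Simplification: production code should consult the Public Suffix List so that
    hosts like 'bank.co.uk' are reduced correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one or two edits away from a trusted domain is a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return a list of warnings for the URL; an empty list means no red flag was found."""
    parts = urlsplit(url)
    warnings = []
    if parts.scheme != "https":
        warnings.append("not HTTPS")
    # urlsplit().hostname strips userinfo, so 'https://example.org@evil.test' yields 'evil.test'.
    domain = registered_domain(parts.hostname or "")
    if domain not in trusted:
        nearest = min(trusted, key=lambda t: edit_distance(domain, t))
        if edit_distance(domain, nearest) <= 2:
            warnings.append("lookalike of " + nearest)
        else:
            warnings.append("domain not on trusted list")
    return warnings


if __name__ == "__main__":
    for link in ("https://login.example.org/reset", "http://examplee.org",
                 "https://example.org.evil.test/login"):
        print(link, "->", check_link(link) or ["ok"])
```

A link to `example.org` that is embedded as a subdomain of another host is caught by the allow-list, not by the lookalike check, because only the registered domain is compared.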

Source: https://lh5.googleusercontent.com/6QDkNLMrWORHRqjv0k1jvD9heNyGZ-y0Cbw5s8dN482CyrEsMPQR0bUNHgjMiFkY_E0rmJDP5ZVOEYhEvRa2DZF8I9i5S6-RN1pHUFpDa744bJ0F_ZmjH_njnPiy5ORXRRV_3ZeY

NEVER download an attachment unless you are certain it is not malware. Gmail has a built-in anti-virus scanner that checks whether a file is malicious, and if it finds that it is, Gmail will warn you before you download it that the email contains a suspicious attachment.

However, the best thing to do in these scenarios, if you are truly unsure, is to directly contact whoever supposedly sent you the email in the first place. A phone call directly to your friends, family or the institution in question should easily confirm whether they recently attempted to contact you.

Conclusion

Phishing can easily be prevented if you are conscientious and pay a little more attention to detail. Ensuring that an email and its contents are legitimate should always be in the back of your mind. If you take these simple steps and educate others, you can greatly reduce your and your organization’s chances of falling victim.

Below are some great resources to look into if you want to learn more! I hope you enjoyed this article and thank you for taking the time to read! :)
