The weakest link

There’s a reason why hackers are sending out more phishing emails than ever — it works

Agnes Kirk
cybersecurity.wa.gov
May 1, 2018


There’s a good chance you will soon get an email from a friend, co-worker, or trusted company asking you to open a document, or click on a link.

I have one word of advice: Don’t.

Why? The email could be from a hacker trying to steal your money or information by posing as someone you know and trust.

It’s called phishing, and while these types of emails have been around for years, they’ve become an increasingly popular way for hackers to get what they want.

That’s because it works. In fact, most data breaches and ransomware attacks start out with someone clicking on a phishing email.

Computer operating systems, anti-virus software, web browsers and Wi-Fi routers have improved security over time, but people remain vulnerable because, well, we’re only human.

And bad actors have become a lot better at tricking people. For example, they research social media accounts to learn personal details that help them to pose as friends.

The phishing emails often contain urgent messages, such as urging you to reset your account for security reasons, or saying that you have a late payment, or are due a tax refund.

Hackers also create fake web pages of companies that look very convincing. They host the pages on domain names that are often just one letter off from the actual web address of a well-known company, a tactic referred to as typosquatting.
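As an added illustration (not part of Agnes Kirk's article), the Python check below shows how a mail filter or browser plug-in could flag a link whose domain is one letter off from a trusted one, using plain edit distance; the trusted-domain list and the sample URLs are constructed for the example.

```python
from urllib.parse import urlparse

# Constructed allow-list for the example; a real deployment would use the
# organisation's own list of brands and partner domains.
TRUSTED_DOMAINS = ["example.com", "example-bank.com", "wa.gov"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance: minimum single-character insertions, deletions or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> str:
    """Last two labels of the URL's host, e.g. 'login.example.com' -> 'example.com'.
    Simplified on purpose: no public-suffix list, so 'co.uk'-style hosts are not handled."""
    host = urlparse(url if "://" in url else "http://" + url).hostname or ""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1) -> str:
    """'trusted' on an exact domain match, 'lookalike' when the domain is within
    max_distance edits of a trusted domain (the 'one letter off' case), else 'unknown'.
    Note: 'example.com.evil.net' resolves to 'evil.net' and is NOT trusted."""
    domain = registrable_domain(url)
    if domain in trusted:
        return "trusted"
    for good in trusted:
        if levenshtein(domain, good) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for sample in ["https://www.example.com/login", "http://examp1e.com/reset",
                   "https://example.com.evil.net/", "exarnple.com"]:
        print(f"{sample:35} -> {classify_link(sample)}")
```

Homoglyph tricks such as "rn" in place of "m" are two edits away, so they need a larger `max_distance` or a confusable-character table rather than raw edit distance.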

A recent report found that four percent of recipients click on the links sent in any phishing campaign. Remember, it only takes one person to compromise a computer system.

Here are ways to protect yourself:

  • If an email asks you to take action, such as signing into an account, contact the organization directly. Do not use links or phone numbers embedded in the email. Visit websites by typing the address into the address bar.
  • Only open an email attachment, including PDFs, photos and text files, if you are expecting it and know what it contains. If not, call the sender before opening any file because it could contain a virus such as ransomware.
  • Be careful about posting personal information on social media. Criminals will use it to pose as someone you trust in an email. They also may use the information to attempt breaking into your accounts.
  • Keep your antivirus software up to date, as well as all other applications on your computer. Home users should have the auto-update feature enabled.
  • Enable two-step verification, if available, on all your accounts. This involves signing in as usual with a password and login, but also typing in a security code that’s texted to your phone or generated by a smartphone app, such as Google Authenticator. This protects your account, even if a hacker gets your login and password.
  • Consider using a Domain Name System service, such as Quad9, that will block your computer from visiting web pages known to have malicious content. That will potentially provide a layer of protection if you accidentally click on a bad link.

For more information, please visit the Federal Trade Commission site on phishing.

Sincerely,

Agnes Kirk, Washington State Chief Information Security Officer

Ph: 1.888.241.7597 or cybersecurity@ocs.wa.gov
