Phishing
Image source: malwarebytes.com/phishing
What is Phishing?
- At a fundamental level, phishing is the attempt by hackers to use common digital communication platforms to deceive users into believing that a message originated from a credible source
- If phishing attempts are successful, recipients will unknowingly click on links or images that send them to a spoofed source. Often this takes the form of login pages or subscription signup forms
- Hackers usually want victims to give them personally identifiable information such as their online banking credentials, street address, full name, social security number, credit card number, etc.
What Type of Phishing Situations Exist?
- Spear Phishing
  - Attackers impersonate somebody from a trusted company or organization in their messaging
- Whale Phishing
  - Attackers impersonate high-level executives or government officials
- Vishing
  - Attackers use a phone call to initiate the phishing attack
- Phishing Email
  - Attackers use an email message to initiate the phishing attack
- Smishing
  - Attackers use cellular text messages to initiate the phishing attack
What Can I Do To Protect Myself?
- What to Manually Check For
  - Subject line
  - Email address/phone number that the communications are originating from
  - Check for spelling or grammar errors in the message text
  - Look for odd or malformed logos
  - Hover over links without actually clicking them
  - Look out for messages that convey a threatening or “act fast!” tone
  - Legitimate messages will NEVER ask for credit card, bank, or social security numbers
  - Look out for messages asking for/giving payment, special refunds, coupons, or prizes
  - When in doubt, throw it out (delete the message)
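As an added example (not part of the original page), the Python below applies three of the checks above to a raw email: the “act fast!” tone, requests for sensitive information, and the hover check, where the address a link displays differs from where it actually goes. The keyword patterns, the helper names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed keyword patterns (assumptions), one per checklist item.
CHECKS = [
    (re.compile(r"act fast|immediately|urgent|account .{0,20}suspended", re.I), "urgent or threatening tone"),
    (re.compile(r"credit card|social security|bank account|password", re.I), "asks for sensitive information"),
]
HOSTLIKE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def bare(host):  # lower-case a host name and drop a leading "www."
    return (host or "").lower().removeprefix("www.")

def check_message(raw):
    """Return the checklist warnings raised by one raw email message."""
    msg = message_from_string(raw)
    body = " ".join(p.get_payload(decode=True).decode("utf-8", "replace")
                    for p in msg.walk() if not p.is_multipart())
    text = f"{msg.get('Subject', '')} {body}"
    warnings = [label for pattern, label in CHECKS if pattern.search(text)]
    parser = LinkCollector()
    parser.feed(body)
    for href, shown in parser.links:  # the "hover" check: shown host vs. real host
        real, m = bare(urlparse(href).hostname), HOSTLIKE.search(shown)
        if m and bare(m.group(1)) != real and not real.endswith("." + bare(m.group(1))):
            warnings.append(f"link shows {m.group(1)} but goes to {real}")
    return warnings

# Constructed sample message using reserved example domains, not a real email.
SAMPLE = ("From: Example Bank <support@example.net>\n"
          "Subject: Act fast! Your account will be suspended\n"
          "Content-Type: text/html\n\n<p>Confirm your credit card at "
          '<a href="http://example.com.verify.example.net/login">www.example.com</a></p>\n')
```

Calling `check_message(SAMPLE)` returns all three warnings. A message that passes these checks can still be phishing, so the manual checklist still applies.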
What Tools Can I Use to Protect Myself?
- Ask your email/text messaging service provider if they provide built-in spam/unknown message filters
- Message filters scan the contents and will remove items from your inbox so you never have the chance to open a potential phishing message
- Most email providers (e.g., Gmail, Yahoo, etc.) have built-in options to enable filters for spam/phishing emails
- Many modern phones (including the iPhone) can automatically warn you of potentially malicious phone numbers if they call you
- Browser extensions such as Clean Email, Barracuda, or Mimecast will actively scan your emails to detect common patterns of fake emails that you might not catch as quickly (this is not a 100% safeguard!)
How Do I Set Up an Email Spam Filter
Good Reminders
- Never…
  - click unknown links or call unknown phone numbers
  - send personal information, login credentials, or other sensitive information in reply to any message you receive, no matter the sender (even if legitimate)
- Always remember…
  - to only accept messages from people/companies you know and trust
  - to be conscious of who you give your email and phone numbers to
  - that NONE of the automated tools are a 100% safeguard!
What Can I Do If I Am A Victim?
- Don’t be afraid, and report it to the appropriate person/group in your organization. This will help them be aware of the situation and let others know so they do not fall victim as well
- If you believe that your bank or other financial institution records and accounts were a part of the attack, call them immediately and close/freeze all the accounts
- You can also report the attack to the Federal Trade Commission (FTC), a watchdog that will try to track down the culprit of the attack
- You can also contact the Anti-Phishing Working Group or the Internet Crime Complaint Center
How Important Is Phishing?
- According to a PhishMe study and Mimecast, 91% of cyber attacks begin with email phishing
- 30% of email phishing is actually opened
- 12% of those targeted open the malicious link
- 97% of people around the world cannot identify a sophisticated phishing email [source]
- 65% of U.S. organizations experienced a successful phishing attack in 2019 [source]
- In 2018, phishing crimes cost victims $48 million, according to the FBI’s Internet Crime Complaint Center [source]
Education Use
For education use, we also made a Phishing PowerPoint to help you gain a better understanding of the topic.
Video Presentation
Sources
- https://bigdata-madesimple.com/77-facts-about-cyber-crimes-one-should-know-in-2018-infographic/
- https://www.darkreading.com/endpoint/91--of-cyberattacks-start-with-a-phishing-email/d/d-id/1327704
- https://www.braveriver.com/blog/what-is-email-phishing/
- https://staysafeonline.org/stay-safe-online/identity-theft-fraud-cybercrime/spam-and-phishing/
- https://us.norton.com/internetsecurity-online-scams-vishing.html
- https://us.norton.com/internetsecurity-emerging-threats-what-is-smishing.html
- https://about.att.com/pages/cyberaware/ae/smishing
- https://www.mimecast.com/content/phishing/
- https://help.dropbox.com/accounts-billing/security/phishing-virus-protection
- https://www.docusign.com/blog/docusign-update-recent-phishing-attack