Recognize phishing attacks

Before the month of October ends, let's take a moment to acknowledge National Cyber Security Awareness Month.

It's arguably the most important and least understood awareness months out there.

Proclaimed by the President each year, Cyber Security Awareness Month encourages the public and industry to understand the importance of cyber security. It also sends a warning to be vigilant when it comes to the technology we rely on every day, at home, at work and in the use of myriad internet-connected devices.

And remember this: Human error is responsible for most data breaches. You truly are the weakest link in your cyber network, and chances are you don’t even know it.

As the FBI warns, cyber security means acknowledging everything from data breaches resulting in the compromise of personally identifiable information to intrusions into financial, corporate and government networks and complex financial schemes.

A Range of Threats

There are plenty of cyber threats to worry about, the FBI acknowledges:

Ransomware is type of malware that infects computers and restricts users’ access to their files or threatens the permanent destruction of their information unless a ransom is paid.

Business e-mail compromise (BEC) scams are types of payment fraud that involves the compromise of legitimate business email accounts — often belonging to either the chief executive officer or the chief financial officer—for the purpose of conducting unauthorized wire transfers.

Intellectual property theft involves robbing individuals or companies of everything from trade secrets and proprietary products and parts to movies, music and software.

What About Phishing?

Phishing attacks are perpetrated by cyber-criminals who want to gain access to your sensitive data. Hackers can:

  • Pose as someone you know to get you to reveal personal information about yourself
  • Pose as a government or other official to get you to reveal your personal or financial data
  • Trick you into downloading malware on your computer to gain access to sensitive data

Types of Phishing Attacks

Most phishing attacks are large-scale. Cybercriminals send out as many hacking attempts as possible to net a small return. But sometimes phishing gets more specific.

  • Spear Phishing is the act of targeting a specific victim or group of victims using convincing details
  • Whaling means targeting a powerful individual, like a CEO, to gain access to highly sensitive data

Spotting a Phishing Attack

There are a number of clues that can help you spot a phishing attack online. Red flags: a friend request on social media from an existing friend; an email from a large company with poor grammar and misspellings; any phone call that threatens your bank account if you don’t take immediate action.

Phishing doesn’t stop when you log off the computer either. Sophisticated cybercriminals are employing new techniques and reviving some old ones to intimidate you into giving up money or personal information.

Vishing or voice phishing involves a phone call with a threat of monetary or even physical harm. The caller will have just enough information to make it seem real. They may even be calling from a familiar phone number using phone spoofing techniques.

Even text messages aren’t safe anymore. Most people now get promotional offers by text, so cybercriminals are texting malicious links and other dubious requests for personal info.

Persistent IRS Scam

One of the most notable cases of this comes in the form of the IRS scam, where cybercriminal pretending to be IRS agents call and tell you the sheriff is on his way to your house and if you don’t wire them money immediately you will go straight to jail.

Just this week, there was a major break in the case. After a three-year joint investigation, the US Department of Justice obtained indictments against 56 alleged fraudsters in the United States as well as five call centers in India.

All of them are accused of tricking people into paying alleged tax bills either by wire or by placing money on prepaid cards.

US officials are seeking the extradition of those based in India and warned others engaged in similar schemes.

Stay Safe Online

While it's easy to look for someone to blame, the reality is your online safety is in your own hands. It’s unfortunate, but the best way to protect yourself and the business where you work is to always be suspicious.

Even when you think you are receiving communications from someone you know or an executive at a company where you work, think before responding. Hackers are very talented at pretending to be someone they aren’t.

Learn more about protecting yourself online from this infographic.

phising attacks infographic