Posts

True story: At a company I once worked for, employees received an email about an unexpected bonus. In private Slack channels, we wondered whether it was a well-played phishing attempt. Turns out, the bonus was legit, but so was our inclination to question it. Phishing—when cybercriminals pose as legitimate institutions to get info or money from you—is the origin of up to 90 percent of breaches and hacking incidents, says Frank Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security in Alabama.

These cyber bad guys have even taken it to the next level with “spear phishing,” a practice of sending emails that appear to be from someone you personally know. “This happened to me once and it was a humbling experience,” says Adam Doupé, director of the Center for Cybersecurity and Digital Forensics at Arizona State University in Tempe. Turns out, the email seemed to be coming from a colleague, and Doupé was boarding a plane when he got it so he wasn’t as careful as he would normally be. “I ended up replying with my cell phone number,” recalls Doupé. “When the phisher responded with a request to send gift cards, the alarm bells went off.”

Knowing that a cybersecurity expert got played, an average person has to be hypervigilant. But could you be missing out on legit offers and emails because you’re being too cautious? Your first line of defense: install a protection software (like Malwarebytes). This sort of protection that lives on your computer, coupled with our expert tips below, will stop phishers in their tracks.

3 Ways To Tell If It’s Phishing Or Not

Experts say there are a few things you can do if you’re unsure whether an email is a phishing attempt.

1. Check the email address carefully.

Hover your cursor over the full email—not just the sender’s name—to see if anything looks off. “For instance, instead of .com, the address may contain .ru,” says Cilluffo. (.Ru indicates that it’s from a Russian server.) Compare the address on a recent email to one that you’ve responded to previously.

2. Call or text the person you think may have sent the email.

Ever receive an email from a friend or colleague and it seems off? Maybe it’s much briefer than usual or perhaps they addressed you by your full name rather than a nickname. Trust your gut, and don’t respond or click on any links or attachments until you’ve verified the email. While it truly may just be a link to their kids’ fundraiser, it could be the work of a cyber criminal trying to get you to download malware—aka malicious software.

3. Verify through an independent news source.

Sometimes you may receive an email about an important recall notice or info about a class-action lawsuit. Search on a trustworthy news site whether the link contained in your email appears in any news articles, suggests Doupé.

Bottom line?

Cyber criminals are getting more and more creative at making their phishing attempts appear legitimate. Go with your gut, slow down to verify the validity of messages you receive and install a protection software (like Malwarebytes) to stop phishers before they start.

Are you interested in learning more about cybersecurity? Call us today and discover how our wide array of tech services can safeguard your business.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from yahoo.com SOURCE

The hacker’s message is urgent and aimed directly at you. We’ll teach you how to keep from getting duped.

Everyone has access to something a hacker wants. To get it, hackers might aim a targeted attack right at you. The goal might be stealing customer data that’s useful for identity theft, your company’s intellectual property or even your personal income data. The latter could help hackers steal your tax refund or file for unemployment benefits in your name.

Targeted attacks, also called spear-phishing, aim to trick you into handing over login credentials or downloading malicious software. That’s what happened at Twitter in July, where the company says hackers targeted employees on their phones. Spear-phishing attacks also often take place over email. Hackers usually send targets an “urgent” message and include credible-sounding information specific to you, like something that could have come from your own tax return, social media account or credit card bill. These scams aim to override any red flags you might notice about the email with details that make the sender sound legitimate.

Despite corporate training and stern warnings to be careful who you give your password to, people do fall for these tricks. In addition to the Twitter fiasco, there was the release of Hillary Clinton campaign chair John Podesta’s emails, including his technique for making risotto (hint: keep stirring!). Podesta reportedly entered his personal username and password into a fake form designed by hackers specifically to capture his credentials.

Another consequence of falling for a spear-phishing scam could be downloading malicious software, like ransomware. You could also be convinced to wire money to a cybercriminal’s account. So how do you avoid falling for a spear-phishing scam? By taking these security habits to heart.

Know the basic signs of phishing scams

Phishing emails, texts and phone calls try to trick you into visiting a malicious website, handing over a password or downloading a file. This works in email attacks because people often spend the whole day at work clicking on links and downloading files as part of their jobs. Hackers know this and try to take advantage of your propensity to click without thinking.

Despite corporate training and stern warnings to be careful who you give your password to, people do fall for these tricks. In addition to the Twitter fiasco, there was the release of Hillary Clinton campaign chair John Podesta’s emails, including his technique for making risotto (hint: keep stirring!). Podesta reportedly entered his personal username and password into a fake form designed by hackers specifically to capture his credentials.

Another consequence of falling for a spear-phishing scam could be downloading malicious software, like ransomware. You could also be convinced to wire money to a cybercriminal’s account. So how do you avoid falling for a spear-phishing scam? By taking these security habits to heart.

Know the basic signs of phishing scams

Phishing emails, texts and phone calls try to trick you into visiting a malicious website, handing over a password or downloading a file. This works in email attacks because people often spend the whole day at work clicking on links and downloading files as part of their jobs. Hackers know this and try to take advantage of your propensity to click without thinking.

Despite corporate training and stern warnings to be careful who you give your password to, people do fall for these tricks. In addition to the Twitter fiasco, there was the release of Hillary Clinton campaign chair John Podesta’s emails, including his technique for making risotto (hint: keep stirring!). Podesta reportedly entered his personal username and password into a fake form designed by hackers specifically to capture his credentials.

Another consequence of falling for a spear-phishing scam could be downloading malicious software, like ransomware. You could also be convinced to wire money to a cybercriminal’s account. So how do you avoid falling for a spear-phishing scam? By taking these security habits to heart.

Know the basic signs of phishing scams

Phishing emails, texts and phone calls try to trick you into visiting a malicious website, handing over a password or downloading a file. This works in email attacks because people often spend the whole day at work clicking on links and downloading files as part of their jobs. Hackers know this and try to take advantage of your propensity to click without thinking.

Because spear-phishing scams can be so tricky, there’s an extra layer of caution you should apply before acting on a request that comes over email or the phone. The most important of these extra steps: guard your password. Never follow a link from your email to a website and then enter your account password. Never give your password to anyone over the phone.

Banks, email providers and social media platforms often make it policy to never ask for your password in an email or phone call. Instead, you can go to the company’s website in your browser and log in there. You can also dial back to the company’s call customer service department to see if the request is legit. Most financial institutions, like your bank, will send secure messages through a separate inbox you can access only after you’ve logged onto the website.

Beat phishing by calling the sender

If someone sends you something “important” to download, asks you to reset your account passwords or requests that you send a money order from company accounts, call the sender of the message — like your boss, your bank or other financial institution, or the IRS — and make sure they really sent it to you.

If the request came by phone call, you can still pause and double check. For example, if someone says they’re calling from your bank, you can tell the caller you’re going to hang up and call back on the company’s main customer service line.

A phishing message will often try to make the request seem incredibly urgent, so you might not feel inclined to add an extra step by calling the sender to double-check. For example, an email might say that your account has been compromised and you need to reset your password ASAP, or that your account will expire unless you act by the end of the day.

Because spear-phishing scams can be so tricky, there’s an extra layer of caution you should apply before acting on a request that comes over email or the phone. The most important of these extra steps: guard your password. Never follow a link from your email to a website and then enter your account password. Never give your password to anyone over the phone.

Banks, email providers and social media platforms often make it policy to never ask for your password in an email or phone call. Instead, you can go to the company’s website in your browser and log in there. You can also dial back to the company’s call customer service department to see if the request is legit. Most financial institutions, like your bank, will send secure messages through a separate inbox you can access only after you’ve logged onto the website.

Beat phishing by calling the sender

If someone sends you something “important” to download, asks you to reset your account passwords or requests that you send a money order from company accounts, call the sender of the message — like your boss, your bank or other financial institution, or the IRS — and make sure they really sent it to you.

If the request came by phone call, you can still pause and double check. For example, if someone says they’re calling from your bank, you can tell the caller you’re going to hang up and call back on the company’s main customer service line.

A phishing message will often try to make the request seem incredibly urgent, so you might not feel inclined to add an extra step by calling the sender to double-check. For example, an email might say that your account has been compromised and you need to reset your password ASAP, or that your account will expire unless you act by the end of the day.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from CNET.com  SOURCE