Written By: Samuel Pandithurai
Phishing…pronounced fishing. So, what is a phishing scheme? In this world of technology, things change so fast that what you know one moment changes the next. Well, there is one thing in this tech world that is constant and will never change: there are bad people out there who want to use technology, and the things we love about it, to cheat us out of our telephone numbers, email, bank accounts, credit cards, social security numbers, etc. Even right here in the Dallas, Fort Worth Metroplex. That’s basically what phishing is, but just for thoroughness’ sake let me give you the technical definition from Phishing.org.
You might be asking yourself, “Why is this guy telling me this? I already know that there are bad people trying to steal my data from me.”
First off, it’s never a bad thing to get a reminder every now and again. Even the best of us fall into a routine and could easily get tricked into a thing or two.
Second, because there are things that we can control with anti-virus, spam filters, strong passwords, etc., but there is also a human element that you need to be careful about. And that’s what I want to go over.
If you look at all the different types of phishing listed on Tripwire’s Phishing Blog, there is always a human element to it. No matter the amount of security software, firewalls, or filters in place, in the end the user decides whether or not those things are even worth a darn. You can use another word there if you like, but for Technagy’s sake I’ll keep it clean. We are on the internet, no erasing these words now.
So, I am not going to go over the crazy number of different types of phishing attacks that are out there. Here is just a quick list from PCWorld in case you are interested. There are already tons of blogs and sites out there that can give you info on that stuff, PCWorld being one of them. What I want to do is give you and me, the USERS, an 8-item list of what we should do to keep from falling for an attacker’s phishing scam.
1. Trust your gut and check the web links
I can’t tell you the countless times I have helped a client figure out how they got malware on their computer, just to find out they clicked on a link in an email from someone they didn’t know. DON’T click on links from people you don’t know. If you are being contacted by a person who is new to you, read the text and reply back in text; no need to click on any links. Think of clicking on links like dating. You have to get to know someone, love someone, feel for someone before you click on their links. A good trick is to hover over any link and verify that the link goes where it should. For example, an email from Google Docs should have a link that points to the Google Docs domain, google.com. If it is anything other than that, it’s probably best to just hit delete.
2. Be wary of what emails are asking
Have you seen the emails asking for your username, password, social security number, or credit card numbers? If you answered yes, I hope you deleted them. No respectable company asks for these things from a user over email. So, if you see one of these in your inbox, delete it. If you feel like it’s a legitimate email, go ahead and be the good techie you know you are and give the company a call and verify that they sent the email. If they did, knock them over the head once or twice for doing it and then proceed to “flip the script” and give them the information requested over the phone.
3. Know your Boss
Check out CEO Phishing from KnowBe4. With Facebook, Twitter, and company “About Us” pages, it’s not hard for attackers to learn internal information about companies these days and who the key people are. They can easily find out who the CEO is and what their email address is, and then spoof a message to an employee as if it came from the CEO. I have seen companies duped out of thousands because an employee thought that their CEO was asking them to wire some money on the company’s behalf or was asking for banking info. In the end, it’s always smart to know your boss. Does he have an iPhone or an Android? Does he say Thank You, Regards or nothing at all in his signature? If you get a reply back from your boss and his signature is “Sent from an iPhone” yet he has an Android, you know something is fishy. Believe me, you’re not going to get fired for checking with your boss if he wants you to wire $100,000 to Tricksters Inc.
4. Look for HTTP vs HTTPS
When you enter data into a website, always look for HTTPS, not HTTP. This is found in the URL bar of your browser. Why? HTTP is used widely around the internet but it is insecure. It sends data in plain text. If someone were able to intercept the data between your browser and the server and you sent it over HTTP, they would in essence be able to see exactly what you sent. By adding the S to HTTP we add the secure element. HTTPS uses protocols like SSL and TLS to encrypt the data it sends, which makes it difficult to read. Keep in mind that HTTPS only protects the data on its way to the site; it does not tell you that the site itself is the one you meant to visit, so still check the domain as in item 1.
5. Check The Spelling
I bet we’ve all seen the emails from our friend the Prince who needs $10,000 to get his billions from some trust or something like that. “Click on this link and send me some money and I’ll give you a 1000% percent return.” If it were only that easy. The one thing you will notice is that these emails have horrible grammar and spelling. That’s because most of these attackers are not native English speakers and thus, when crafting emails, make common grammar mistakes. If you catch emails with these mistakes, it’s a good bet to avoid doing anything they are asking.
6. Maintain your Tools
Just like our cars and houses, our security tools need regular maintenance. Always check to make sure updates and scans are occurring as planned. A piece of malware doesn’t discriminate just because an update is scheduled but didn’t happen. Doesn’t bother the malware whatsoever. It will still infect and cause havoc to your computer. Do yourself a favor and check your security tools once a week to make sure your updates and scans are taking place as planned.
7. Never stop learning
Keep up to date with all the trends. Like I said earlier, the technology of today will not be the technology of tomorrow. Thus, the security of today will not be the security of tomorrow. Things change. Stay knowledgeable about those changes to help stay secure.
8. Ask for Help
And last but not least – ASK FOR HELP! There is plenty in this world I don’t know. For example – how to do pretty much anything on my car. What medicine I should take when I get sick. Cooking in general. So, I go to my mechanic when one of those pesky lights pops up on my car’s dashboard. I go to the doc when I get sick (probably much later than he wants me to), and I know my wife will always be the best cook I know. It’s the same with computers/IT in general. If you don’t know, don’t be afraid to ask for help. I always tell my clients, especially in the case of phishing, you can always forward us a copy of the email in question. Our guys will verify that it’s legit or point out if it’s something you need to pay attention to. Shoot, if it is a legitimate Prince we’ll find out and let you know. The point is: ask your IT team if you are ever in doubt! I am sure they would be more than happy to verify rather than have to deal with rampant malware/issues later on. For those of you that don’t have an IT team, I know of a really good one. Technagy.com
It’s been fun putting this together for you. Like us on Facebook and stay in touch for future posts.
Any questions or comments are always welcome. Shoot an email to firstname.lastname@example.org and we’ll get back to you.
Serving the greater DFW area, Technagy is an IT Company servicing Dallas, Fort Worth and surrounding cities. We strive to help businesses regain their freedom without sacrificing IT. If you need help and can benefit from any of our services, we’d love to be your partner in this digital world.
Born in New York, New York, Sam moved to Midlothian, TX when he was a child. Currently he lives in Cedar Hill, Texas with his wife & son. He is the Co-Founder of Technagy, a Dallas Fort Worth based IT firm. He is the Chief Information Officer (“CIO”), where he deals with solving complex IT challenges and managing the technology roadmaps of our clients.