Bad Actors Are Phishing: Don't Bite!
Beware of the cyber security threat known as "Phishing!"
CYBER SECURITY
Joe Fulmer
11/19/2023
Don't fall for phishing attempts.
Phishing and social engineering attacks have become increasingly prevalent in today's digital age, making it crucial to know how to protect oneself.
Definitions
Phishing is a form of social engineering in which the attacker provides what appears to be a legitimate communication (usually e-mail), but it contains hidden or embedded code that redirects the reply to a third-party site in an effort to extract personal or confidential information.
Social Engineering is the process of using social skills to convince people to reveal access credentials or other valuable information to an attacker.
Spear Phishing is any highly targeted phishing attack. (Whitman, 2018)
First and foremost, it is essential to be cautious when responding to unsolicited emails or messages, especially if they request personal or financial information. Whitman (2018) best describes phishing and related activities as follows:
"Some attacks are sent by e-mail and may consist of a notice that one’s e-mail storage allotment has been exceeded. The user is asked to log in, to run a test program attached to the e-mail, or even to log into their “bank” account (spoofed by the attacker) to verify their balance. While these attacks may seem crude to experienced users, the fact is that many e-mail users have fallen for them. These tricks and similar variants are called phishing attacks."
"Phishing attacks use two primary techniques, often in combination with one another: URL manipulation and Web site forgery. In URL manipulation, attackers send an HTML embedded e-mail message or a hyperlink whose HTML code opens a forged Web site. In Web forgery, the attacker copies the HTML code from a legitimate Web site and then modifies key elements. When victims type their banking ID and password, the attacker records that information and displays a message that the Web site is now offline."
"Spear phishing—While normal phishing attacks target as many recipients as possible, spear phishing involves an attacker sending a targeted message that appears to be from an employer, a colleague, or other legitimate correspondent to a small group or even one person."
"Pretexting, sometimes referred to as phone phishing, is a purely social engineering attack in which the attacker calls a potential victim on the telephone and pretends to be an authority figure in order to gain access to private or confidential information, such as health, employment, or financial records" (Whitman, 2018).
Here are my basic tips to avoid phishing schemes:
If an email is in spam, there may be a very good reason. Before opening any spam, check the sender details. If you do not recognize the sender or the email address looks fishy, DO NOT OPEN THE EMAIL!
Listen to your gut. If an email states that you haven't paid your bill when you have already received email confirmation, it is most likely a scam or a phishing attempt.
Always verify the source before clicking on any links or attachments, as these can contain malicious content.
Keep software and operating systems up to date, as hackers often exploit vulnerabilities in older versions. Be very vigilant!
Enable multi-factor authentication whenever possible, as this adds an extra layer of security.
Educate yourself on the latest techniques used by attackers.
Stay informed about potential threats. Unsure of what to do? Stop and get help!
By following these preventive measures, one can greatly reduce the risk of falling victim to phishing and social engineering attacks.
Reference
Whitman, M. (2018-05-03). Management of Information Security, 6th Edition. (VitalSource Bookshelf version). vbk://9781337671545/page/25