Malicious phishing attempts start and stop with you

Why me?

Phishing attempts are elaborate schemes that you must take part in to become a victim.

It is all about you and:

  • your personal information
  • your account information
  • your access to a shared or home network
  • your shopping habits
  • your ability to recognize an attempt as an attack

Know the facts.

What is phishing?

Phishing is a type of cyber-attack specifically created to gain sensitive information. Attackers will try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts.

What happens in a phishing attack?

See the following illustration.


Watch out for the following phishing attacks while working:

  • Business Email Compromise (also known as CEO Fraud)
    • This type of phishing occurs when a cybercriminal sends an email to a random employee, typically someone who works in the accounting or finance department, while pretending to be a higher-level manager or executive.
    • The goal of these emails is often to get their victim to transfer funds to a fake account. This also includes payroll direct deposits.
  • Clone Phishing
    • The attacker creates a virtual replica of a legitimate message and sends the message from an email address that looks legitimate.
    • Any links or attachments in the original email are swapped out for malicious ones.
  • Domain Spoofing
    • This method of attack uses either email or fraudulent websites.
    • Occurs when a cybercriminal “spoofs” an organization or company’s domain to:
      • make their emails look like they’re coming from the official domain
      • make a fake website look like the real deal by adopting the real site’s design and using a similar URL.
  • Spear Phishing (91% of all phishing attacks start with spear phishing)
    • Uses social engineering tactics (such as email subject lines with topics of interest) to tailor and personalize the emails to their intended victims.
      • Intended to trick victims into opening the email, clicking links, and opening attachments.
    • The goal is to steal data or to install malware onto the recipient’s computer to gain access to their network and accounts.
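
The domain spoofing and clone phishing items above both depend on a sender address or link that resembles a real one. As an added example (not part of the original page), this Python check shows how a mail filter could flag such look-alikes; the trusted domains, the character-swap table and the distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the organization actually uses (constructed values).
TRUSTED = {"example.com", "example-payroll.com"}
# Character swaps often used to imitate a name: "rn" for "m", "1" for "l", ...
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def host_of(value):
    """Lowercase host taken from a URL or from an email address."""
    value = value.strip()
    host = urlsplit(value).hostname if "://" in value else value.rsplit("@", 1)[-1]
    return (host or "").lower().rstrip(".")

def skeleton(name):
    """Fold look-alike characters so 'examp1e' and 'example' compare equal."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(value, trusted=TRUSTED, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a sender address or link."""
    host = host_of(value)
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    # Simplification: treat the second-to-last label as the registered name.
    name = skeleton(host.split(".")[-2] if "." in host else host)
    for t in trusted:
        t_name = skeleton(t.split(".")[0])
        if host.startswith(t + ".") or "." + t + "." in host:
            return "lookalike"  # real domain used as a subdomain of another
        if t_name in name.split("-"):
            return "lookalike"  # real name plus an extra word, e.g. "-secure"
        if edit_distance(name, t_name) <= max_distance:
            return "lookalike"  # near-identical spelling or a different ending
    return "unknown"
```

A "lookalike" result is a reason to hold the message for review, not proof of an attack, and an "unknown" result says nothing about whether the sender is safe.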

Other types of personal and organizational phishing:

Tip of the Day
How do I protect myself from phishing?

Your email spam filters may keep many phishing emails out of your inbox. But scammers are always trying to outsmart spam filters, so it’s a good idea to add extra layers of protection. Here are four steps you can take today to protect yourself from phishing attacks.

Four Steps to Protect Yourself From Phishing

  1. Protect your computer by using security software.
    Set the software to update automatically so it can deal with any new security threats.
  2. Protect your mobile phone by setting software to update automatically.
    These updates could give you critical protection against security threats.
  3. Protect your accounts by using multi-factor authentication.
    Some accounts offer extra security by requiring two or more credentials to log into your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:
    • Something you have — like a passcode you get via text message or an authentication app.
    • Something you are — like a scan of your fingerprint, your retina, or your face.
    Multi-factor authentication makes it harder for scammers to log into your accounts if they do get your username and password.
  4. Protect your data by backing it up.
    Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.

Questions?

Contact your Technology Solutions Department.