
Gone Phishing - Protecting Against Phishing Attacks

Oct 30


What is Phishing?

Phishing is a term in Information Technology and Cybersecurity that refers to the malicious practice of using hyperlinks to break into a user's internet- or intranet-connected device. The goal of this practice can vary from information harvesting to extortion for money and much more. The hyperlink is generally used to download a script or executable program file onto your computer that gives a malicious actor access, or to automatically run a program that does the same.


Depending on your work history, you may have had some educational classes that informed you about what phishing is and how to spot it. A limitation of classes like this can be that they do not stay current with evolving hacker practices. Phishing was historically an email-specific practice in the early days of mass adoption of the internet. In the time since, phishing has evolved to include text messages with links and, more recently, QR codes as well. There is no limit to where this could eventually go from here.


How can you Spot Phishing?

As scary as it sounds, protecting your smartphones, laptops, computers and other internet-connected devices can be a simple, repetitive practice for you and any others in your family or organization. Everyone falls victim to this kind of attack eventually. Phishing most commonly succeeds when you are exhausted, overwhelmed and/or emotionally pressed.


In order to protect yourself, you need to be aware of and incredulous about communications that are being sent to you. Some historical indicators were email addresses, bad punctuation and an urgent need to respond to the sender. A sense of urgency, much like the high-pressure salesperson at a car dealership, is a quick indicator that you need to review the message carefully before clicking any links. It is also important to consider whether you were expecting the message and whether you were likely to be asked to do something.


You have probably read a lot of high fantasy about AI, or artificial intelligence. At this time, this is not important to consider, as it doesn't currently exist. What you and many others may mistake for AI is a combination of harvesting your personal information and targeting you by personal indicators such as age, interests, race, shopping habits and more. Sometimes it can be challenging to spot the difference between a real Amazon email and a fake one from a malicious actor. When in doubt, go directly to the source of your assumed sender, such as Amazon if the email says Amazon, and log in directly through their website without clicking on any links in the message. This is the most secure method of verifying the message without interacting with it.
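The indicators described above (a sender address that does not match the claimed company, urgent wording, and links that lead somewhere other than the company's own site) can be checked mechanically. The following is an added example, not part of the original article; the phrase list, the brand-to-domain map and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for this example: urgency phrases and the brand-to-domain map.
URGENCY = ("urgent", "immediately", "within 24 hours", "will be suspended")
BRAND_DOMAINS = {"amazon": "amazon.com"}

def _under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw):
    """Return the list of indicators found in one raw e-mail message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    found = []
    for brand, domain in BRAND_DOMAINS.items():
        if brand in display.lower() and not _under(sender_host, domain):
            found.append("sender-mismatch")  # claims the brand, sent from elsewhere
        if brand in text:
            for url in re.findall(r"https?://[^\s\"'<>]+", body):
                if not _under(urlparse(url).hostname, domain):
                    found.append("link-mismatch")  # link leaves the brand's site
                    break
    if any(phrase in text for phrase in URGENCY):
        found.append("urgency")
    return found

# Constructed sample messages; the .example hosts are placeholders.
SUSPICIOUS = """From: Amazon Support <billing@amazon-accounts.example>
Subject: Urgent: verify your payment

Your Amazon account will be suspended. Act immediately:
http://amazon.com.verify.example/login
"""
EXPECTED = """From: Amazon <order-update@amazon.com>
Subject: Your order has shipped

Track your Amazon package at https://www.amazon.com/orders
"""
if __name__ == "__main__":
    for sample in (SUSPICIOUS, EXPECTED):
        print(triage(sample))
```

An empty result does not prove a message is genuine; going directly to the sender's website, as described above, remains the verification step.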




How can you respond to Phishing Attempts?

What can you do to protect against phishing attacks? Well, that is a complex answer. There are many different steps to protecting yourself beyond scrutinizing your email inbox. A great first step is to be careful what you click on. When in doubt, verify with the source outside of the message, such as by calling the source with a number you had before the message was received, sending an email, or logging in directly with a link you have used before.


Targeted phishing campaigns rely on gathering your information, which is sold via breaches and on the data brokerage market. As this is the increasingly common version of the phishing attack, you need to be prepared. A strong approach is to first remove your personal information online where possible. The following steps will help you with that.


Credit Locking

One approach you can take is to lock your credit to prevent any unsolicited credit offers from being sent to you via mail, email and text message. This cuts down on the clutter coming to you, making it easier to spot what is important. It is a free service that all three major credit bureaus, Equifax, Experian and TransUnion, are required to provide thanks to legislation from the United States federal government. You may need to do an internet search with the name of each provider and "credit freeze" to find it. The bureaus hide this option to sell services to you that you could be getting for free.


The links to each are here, but they could become out of date. Please send us an email and we will update this article accordingly.


Data Brokerage - Personal Data Removal

A second approach, whether through a service (depending on its quality) or done personally, is to request the removal of your public information from data brokerage companies online. Pretty much, search your name, go through each company that has your information and submit a request to remove it. This will take time, generally in the range of months, but if you keep at it, your information will disappear online and be sold less, resulting in your information getting stale and less valuable for sending phishing attempts to.


Social Media to Private

This may sound more like a privacy breakdown, but making all of your social media accounts private (friends view only) is another way to reduce the likelihood that the information you post is used against you, and it also reduces the likelihood of a social engineering attack (more on this one in the future). If you need assistance with changing your account to private or verifying that it is, search the name of the company and "private view only" and you should find instructions directly from the company's site about how to do so.

Gone phishing visual with a fishbowl and sharks.

Wrapping Up - Protecting Against Phishing Attacks

It hasn't been mentioned in this article up to this point, but a strong personal security approach in your personal life makes for a more reliable and informed worker in an organization. We bring our habits into the workspace, whether they are good or detrimental. Information is key to staying on top of your personal cybersecurity.


As we reach a point where daily life is virtually impossible without at least one computer, it is imperative that you take some time out of your regular routine to ensure you are staying on top of your security. You need to remain aware when checking messages from any source and ensure that they are expected to arrive and are from a trustworthy source. It is not a bad habit to be vigilant in a quickly changing landscape for information technology even if you don't work with it directly.


As the imposter from the book Harry Potter and the Goblet of Fire, who impersonated an auror (a dark wizard catcher), said: Constant Vigilance! The irony of this, and its relevance to cybersecurity, is not lost here.



Check out our article about password security to increase your data protection for access to your accounts.



Additional Sources for Reading


National Institute of Standards and Technology (NIST)

Phishing information for businesses

https://www.nist.gov/itl/smallbusinesscyber/guidance-topic/phishing


Cloudflare

Introducing Cloudflare's 2023 phishing threats report

https://blog.cloudflare.com/2023-phishing-report/


Cybersecurity & Infrastructure Security Agency (CISA)

Recognize and Report Phishing

https://www.cisa.gov/secure-our-world/recognize-and-report-phishing

