We’ve already written a little bit about how users on your business network stand as the biggest vulnerability to your cybersecurity efforts. It is a lot easier for hackers to trick people, and capitalize on human error, than it is to bypass sophisticated technological safeguards.
When a hacker wages war on a network user, there is one time-honored weapon that they often rely on to get the job done: Phishing.
Understanding what phishing is
You may be familiar with the concept of phishing — perhaps without knowing the actual term. While phishing can come in a few different forms, it is ultimately the practice of trying to extract personal or sensitive information from a user so that the hacker can use that information for their own gain. This can be anything from your social security number and financial information to internet passwords.
Phishing dates back decades and is one of the most commonly used tricks by hackers. There are even some high-profile cases of phishing that show up in the media from time to time. If you followed the 2016 United States presidential election, you may already know that phishing played a central role in the hack of the Democratic National Committee. Fooling a single person into giving up personal information caused a nationwide controversy.
The destruction can be just as severe for your business, which is why it’s important to train users in identifying these phishing attacks.
Phishing attempts have never been more sophisticated and convincing
This is bad news for users. Hackers are able to spoof websites, send you email from official-looking addresses and take other measures to gain your confidence.
In fact, phishing scams can come from hackers posing as big, recognizable brands like PayPal, Netflix, Facebook, Amazon or even your banking institution, tricking you into clicking a link or downloading malware that will give up your personal information.
“Spear phishing” is a related tactic in which a hacker creates a scam tailored to you individually, incorporating your personal information or using the names of friends or co-workers to suck you in.
Even relatively savvy internet users can fall for a phishing scam, but here are some tips and tricks to suss them out.
- If you receive an email from someone you’re familiar with, but something doesn’t seem right, connect with that person or party in a separate email, or over the phone, to confirm that the communication is genuine.
- Refrain from posting personal data on social media when it is open to the public. If you really feel the need to include this information online, make sure your social media channels are only accessible to trusted individuals.
- Pay close attention to the email address of the sender and the website URL that you are being linked to. These will often look genuine at a glance but show signs that they are an imposter. For instance, if you get an email from someone claiming to be from Bank of America, and they’re emailing you from a non-official-looking account — or even a generic address, like Gmail — that’s a major red flag.
- One of the more obvious tips is to never download an email attachment unless you are completely confident in its contents. It’s important to be careful when you’re browsing the internet, as well. Careless browsing can compromise your security just as much as a phishing email. Know where you are going online and don’t be diverted by suspicious clickbait.
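The sender-address and link checks in the tips above can be turned into a simple, repeatable test. The following script is an added example written for this post; it is not the author's code or any product's feature. The brand names, the lists of trusted and webmail domains, and the sample messages are all constructed for illustration, and the "last two labels" rule for finding the registrable domain is a deliberate simplification (it does not handle suffixes like co.uk).

```python
"""
Added example (not part of the original post): flag a From: header or a set of
links that claim to be from a brand but do not come from that brand's domains.
All domain lists and sample inputs below are constructed for illustration.
"""
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allow-list: the domains each brand genuinely sends from and links to.
TRUSTED_DOMAINS = {
    "bank of america": {"bankofamerica.com"},
    "paypal": {"paypal.com"},
}

# Public webmail providers: a bank or retailer would not write to customers from these.
WEBMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Digit-for-letter swaps commonly used to build lookalike domains (paypa1, 0utlook).
_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def _normalize(domain: str) -> str:
    """Undo the usual swaps ('1'->'l', 'rn'->'m', ...) so lookalikes collapse onto the real name."""
    return domain.lower().translate(_SWAPS).replace("rn", "m")


def _registrable(host: str) -> str:
    """Keep the last two labels ('secure.paypal.com' -> 'paypal.com'). Simplified; no public-suffix list."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_sender(from_header: str) -> list:
    """Return red-flag descriptions for a From: header; an empty list means nothing looked wrong."""
    flags = []
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["sender address is missing or malformed"]
    domain = _registrable(address.split("@", 1)[1])
    # Which brand, if any, does the display name claim to be?
    claimed = next((b for b in TRUSTED_DOMAINS if b in display.lower()), None)
    if claimed:
        trusted = TRUSTED_DOMAINS[claimed]
        if domain in WEBMAIL_DOMAINS:
            flags.append(f"'{claimed}' claimed in display name but sent from webmail domain {domain}")
        elif domain not in trusted:
            if _normalize(domain) in {_normalize(t) for t in trusted}:
                flags.append(f"sender domain {domain} is a lookalike of a {claimed} domain")
            else:
                flags.append(f"sender domain {domain} is not an official {claimed} domain")
    return flags


def check_links(urls, brand: str) -> list:
    """Return red-flag descriptions for links that a message presents as belonging to `brand`."""
    flags = []
    trusted = TRUSTED_DOMAINS.get(brand.lower(), set())
    for url in urls:
        host = _registrable(urlparse(url).hostname or "")
        if not host:
            flags.append(f"could not parse a host from {url!r}")
        elif host in trusted:
            continue
        elif _normalize(host) in {_normalize(t) for t in trusted}:
            flags.append(f"link host {host} is a lookalike of {brand}")
        else:
            flags.append(f"link host {host} is not an official {brand} domain")
    return flags


if __name__ == "__main__":
    # Constructed sample headers and links, not taken from any real message.
    for hdr in ("Bank of America <alerts@bankofamerica.com>",
                "Bank of America <alerts@gmail.com>",
                "PayPal Support <service@paypa1.com>"):
        print(hdr, "->", check_sender(hdr) or "ok")
    sample_links = ["https://www.paypal.com/signin",
                    "http://paypal.com.account-verify.example/login",
                    "https://www.paypa1.com/"]
    for finding in check_links(sample_links, "PayPal"):
        print(finding)
```

The second sample link shows why the tip says to look at the whole URL: the brand name appears at the front, but the part that actually decides where you land is the domain at the end, which is not PayPal's. An allow-list of known-good domains catches this without needing to recognise every possible imposter.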
Working with a trusted IT firm to get all the necessary cybersecurity measures in place is a given, as well. Still, all the cybersecurity solutions in the world aren’t enough to make up for bad decisions by a user, so keep your workforce on high alert!