EO Johnson Blog

Phight the Phish

Written by Locknet Managed IT | Fri, Oct 15, 2021

This Cybersecurity Awareness Month, get smart about Phishing

As part of the monthlong campaign for Cybersecurity Awareness Month from the Cybersecurity and Infrastructure Security Agency (CISA), this week, we're focusing on the theme: Phight the Phish. The goal: empowering you to spot and thwart phishing attempts to prevent attacks on your network, including ransomware and other malware.

Phishing attacks are a form of social engineering, which means a cybercriminal leverages human interaction to gain access to data or your network. Read on to learn how to identify and avoid a phishing attack.

Understanding phishing attacks

Phishing attacks can be incredibly sophisticated, and often can trick an unsuspecting network user into giving away critical information or access to your accounts or computer system. So, what is a phishing attack and how can you spot one?

Phighting the Phish means identifying potential phishing attacks before you fall victim. It's tricky and requires an immense amount of diligence. That's because attackers have become adept at making themselves seem legitimate—so that victims don't suspect a thing. They do this by posing as a trusted organization, a coworker, a representative of a company, or even a member of your organization's leadership team. Often they will use email and a hyperlink to a malicious website to gather data they need to access financials, drain accounts or gain access to your network. Attackers also often take advantage of emerging situations such as natural disasters, health crises, economic concerns, charitable giving opportunities, elections, holidays, and other events as a springboard for their attack. All it takes is an unsuspecting user to click a link, and your network data could be compromised. In the business world, this can be devastating, but it can also be harmful to individuals who inadvertently give criminals access to their financials.

Phishing Attacks: Red Phlags

There are many red flags that can help you and your employees identify phishing attacks before becoming victims. Here's what to watch for.

  1. Unsolicited requests for information. These can come in the form of texts, emails, or phone calls--even in-person visits from people requesting internal information. Their requests may even seem innocuous, yet cyber-attackers are adept at gathering information in ways that seem harmless, then using that information to commit their crimes. As a rule, avoid providing information about your organization or personal information unless you are absolutely certain of the person's identity.

  2. Poorly written communications with errors in spelling, grammar, and punctuation. When you get an email from an organization you trust, it's typically gone through a robust proofing and messaging process. Errors in emails, including layout problems, should serve as a red flag, and give you cause for pause. In addition, generic greetings should be viewed as suspect, particularly when the call to action requires you to provide any valuable data such as login information or account numbers.

  3. Sketchy hyperlinks and websites. As a rule, avoid clicking on hyperlinks that appear in unsolicited emails and instead, type the address you wish to visit into the browser bar. Phishers often have domains that are very close to legitimate site addresses, and it can take a very keen eye to catch discrepancies such as a misspelling or different punctuation. Hover over hyperlinks to check them over with painstaking attention to detail, as links may be spoofed. It's important to note that cybercriminals often recreate a legitimate-looking website, fooling many into giving up their personal information. Also, be aware that URL shortening is a common tactic to fool potential victims; avoid clicking shortened URLs for that reason.

  4. Unsolicited emails with attachments. Attachments or user downloads are often used to spread malware, so it's important to view unsolicited emails with attachments or hyperlinks as suspect. Be especially wary of emails that express urgency—another common strategy for getting unsuspecting users to act before thinking critically about the potential for a phishing attack.

A top cybersecurity consultant can help protect your data

The best way to Phight the Phish is to never become a victim—and that starts by working with local experts in the cybersecurity space. Locknet® Managed IT offers a wide variety of strategies to help protect you and your organization from phishing attacks. With the right cybersecurity partner in place, your staff can have the regular training they need to identify phishing attempts, and your network can have the tech tools and anti-phishing features to shore up your protection against malicious actors.

Contact us to learn more about our full slate of network security solutions: from full-service protection to a la carte services. We can customize network security to fit your business's cybersecurity needs.