Back to News & Events

Phishing | October Cybersecurity Awareness Month

October is Cybersecurity Awareness month. Cybercriminals are becoming more efficient in their attempts to hack and take advantage of people. We want to recognize Cybersecurity month by covering some common topics for cybersecurity and offering some tips to help keep you and your information safe!

Today is all about Phishing!

What is Phishing?

Phishing is when someone attempts to get sensitive information from an individual by posing as a safe and creditable source.

Who is subject to Phishing?

Everyone, the more informed and aware you are the less likely it is you will fall into a cybercriminal’s trap!

Common Forms of Phishing:

  • Spear Phishing- This is a targeted attack against certain individuals. The hacker has a certain target they want to get valuable information. The hacker does research into the target to make the attack more personal so they can increase the odds of succeeding
  • Email Spam-Most common. The same email is sent to millions of recipients hoping someone will “bite”. Usually, messages will have an urgent message for the recipient to enter credentials, personal information, financial information, or verify accounts. If the recipient fills out the false form, the attack is successful, and the hacker has the information.
  • Phishing through Search Engines-These are fraudulent sites that offer products at unbelievably low prices when a user tries to buy fake products the hacker has to get financial information-there are also fake bank sites offering false rates.
  • Vishing (voice phishing)-This looks like phone calls designed to get information via the phone- uses fake caller ID. We often call these spam calls.
  • Smishing (SMS) Phishing-Is text message attempts to deceive and get information from recipients
  • Malware- These are found in files attached to emails and once downloaded hacker has access to your computer.
  • Ransomware- This is becoming more prevalent today. Ransomware locks users’ computers and denies access to devices or files until a ransom is paid
  • Domain Spoofing-You will see this in emails or texts that look like coming from a boss or colleague. They can ask for anything from private information to having you purchase products.

How can I protect myself?

You are the best line of defense against cybercriminals.  Before you click, open, download or respond take a second and evaluate the situation.  Here are some ways to identify a phishing scam:

  • Check the email address- if the message is sent from a public email domain such as Gmail it is likely not from a legitimate organization. Most professional organizations will have their own domain.
  • Is the domain spelled correctly? To disguise themselves, cybercriminals will often make the domain name look like a legitimate organization but will misspell company names or use incorrect punctuation or capitalization.
  • The message itself is poorly written or will have many errors
  • Will include suspicious links or attachments-sometimes this looks like an invoice or articles
  • The message will have a sense of urgency. This can be presented as your bank account is compromised so you must immediately secure it, or maybe your password is set to expire and requires attention now.

Ultimately- If it looks suspicious do not engage the message and report it!

Some other great tips include:

  • Keep your software up to date!
  • Use strong passwords! Best practices for passwords include using long, randomly generated passwords. It is also recommended to use unique passwords for each account. You can also use a password manager that will encrypt your passwords and keep them secure!
  • When possible, use Multi-Factor Authentication (MFA). This will give you an added layer of security to your accounts.

At CNE, we have many resources to help keep you safe and protected. Reach out today and see how we can help!

Powered by Lapero