Related Posts

Tags

Step Up Security

CISA tips to thwart phishing attempts

By on Apr 10, 2022 in Technology

Perhaps you’ve noticed it in your email inbox or text messages: there is a recent uptick in the number of attempts to gain private information that compromises your personal and financial security, as well as that of organizations and corporations.

According to a recent report from Proofpoint, email-based phishing attempts became increasingly successful in 2021, as did ransomware attacks. As many as 83 percent of organizations said they experienced a successful email-based phishing attack in 2021, compared to 57 percent in 2020. These upticks appear to be continuing in 2022.

data phishing hacking online scam concept, with laptop and envelope hook

Across a variety of industries, phishing attacks are becoming more prolific and targeting employees from entry-level to executives. That means it’s more important than ever to protect yourself and your business by exercising vigilant technology safety protocols and learning best prevention practices.

The U.S. Cyberinfrastructure and Security Agency (CISA) offers the following tips that can help you and your organization avoid these attacks.

  1. Understand the threat. Phishing is a form of a social engineering attack, which means that common social norms are used to gain and compromise information about a company and its technology systems. Messages claim to be legitimate communications from vendors, banks, employees and other business contacts, but are really fraudulent attempts to obtain confidential information from recipients. The imposter may even offer information that claims to support their identity.
  • Be skeptical, even when a message appears to be from a trusted source. An attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. They could also pose as a vendor who needs account information changed or even an internal employee who claims to need verification of information. When users respond with the requested details, hackers can use it to gain access to accounts.
  • Learn the common indicators of phishing attempts. They include:
  • Suspicious sender’s address. The sender’s address may imitate a legitimate business or closely resemble one from a reputable company by changing a few characters. 
  • Generic greetings and signature. A general greeting like “Dear Valued Customer” or “Sir/Ma’am” and a lack of contact information are often indicators of a fake email.
  • Spoofed hyperlinks and websites. Malicious websites may look identical to a legitimate site, but the URL may be shortened or use a variation in spelling or a different domain (such as .com or .org instead of .net).
  • Spelling and layout. Poor grammar and sentence structure, misspellings, and inconsistent formatting sometimes signify a phishing attempt.
  • Suspicious attachments. An unsolicited email requesting you download and open an attachment is a common vehicle for malware.
  • Recognize other types of scams. “Vishing” is a social engineering attack that uses voice communication to result in sensitive information being provided over the phone. Attackers can use VoIP and caller-ID masking to falsify their identities. “Smishing” is the use of text messages with links that when clicked, may automatically open a malicious browser window, email message or dial a number.
  • Know how to avoid being a victim and what to do if you are. CISA offers a full list of best practices to recognize scams, as well as how to proceed if you believe you have been successfully targeted. These are great resources to share with your entire organization. Find them here.

Proofpoint also recently reported that fake job offer emails are becoming increasingly common. The bottom line: no matter what type of communications you’re receiving, exercise extreme vigilance to protect yourself and your business from bad actors and the challenges of undoing the damaged caused by a successful phishing attempt.