Phishing – one of the most common forms of social engineering attack – has been tricking internet users into divulging personal data since the mid-1990s. And this threat is still going strong today, defrauding individuals and organizations on a massive scale and bringing in ill-gotten gains for cybercriminals.
Part of the problem with combating phishing attacks is that they have grown in sophistication and found their way onto new channels. Rather than being an email-only phenomenon, phishing has invaded social media platforms, websites, and SMS messages, among other outlets.
It has also taken on new, more challenging forms. Spear-phishing, for instance, is when a cybercriminal targets a specific organization and mimics legitimate communications within it. In a recent phone-based scam, social engineers used a recorded message to dupe unsuspecting individuals: after delivering a brief introduction, a voice would ask, “Can you hear me?” An affirmative response would be used to sign up the call recipient for services they never actually agreed to.
In thwarting scam attempts, it helps to be aware that phishing attackers can strike from just about any communication platform, and they can look deceptively legitimate. But there’s still plenty you can do to keep from becoming the next phishing victim.
The Federal Trade Commission offers these general tips for consumers:
- Use trusted security software with automatic updates.
- Follow simple best practices for privacy, such as treating your data like cash, protecting your passwords and only sharing your personal data over encrypted connections.
- Avoid emailing personal information or financial data.
- Don’t provide identifying information or financial data to websites unless you put the site address into the browser yourself. Make sure you are on a secure site with an “https” address.
- Review your statements as soon as you get them to ensure there are no fraudulent charges.
- Be careful with email attachments. Even if they are from a trusted source, they can sometimes contain malicious code.
If you’re an organization trying to tackle a phishing problem, it’s critical that your employees are knowledgeable about security practices. A secure network design, monitoring and authorization management can help you mitigate these threats. But the users – who connect to the corporate network – are your first line of defense.
To learn about privacy training and other programs that Lunarline offers to help overcome phishing problems, contact one of our professionals today.