How NOT to fall for a phish: our top tips
No matter how cyber-savvy you are, everyone, and we mean everyone, is susceptible to phishing attacks. That’s because phishes — emails or texts designed to trick you into divulging sensitive data – are well-timed and well-placed. It’s not about being smart enough to avoid phishes; it's about your emotions at the time you see them.
Criminals know how to push those emotional buttons — fear, anger, curiosity, greed, lust, hope — to get you to hand over your sensitive information.
Ninety-three percent of the malicious breaches you hear about in the news start with a phishing email. It’s the quickest and easiest way into organizations. Criminals know it’s simpler to hack humans than to find and exploit weaknesses in technology.
This is what’s called social engineering: manipulating people into giving out confidential info for fraudulent purposes.
Phish or Legit?
It’s getting tougher all the time to identify a phish — we're way past obvious Nigerian prince schemes. Now, hackers convincingly mimic your internet and phone providers; they can threaten to suspend an essential service like your online banking; they can offer you a sweet deal from your favourite pizza place. They’re specific and targeted, and anyone can be duped.
Luckily, there are still some tangible hints that can tip you off to a phish.
If the email or text message:
-is poorly written
-asks you to confirm personal information
-comes from web or email addresses that don’t look genuine
-contains a suspicious attachment
-is designed to make you panic
...then it’s probably a phish.
Stop and step back
Pause and take a breath. Don’t do anything right away — criminals rely on your emotional reaction to their promises or threats.
-Who is sending this to me? Do I know this person or organization?
-Was I expecting this email or text?
-Are they asking for something they couldn’t feasibly need, such as financial or login info?
-Is this too good to be true?
Especially if someone is demanding account information, you need to get in the habit of questioning the sender and their motives.
What if you’ve already fallen for it?
In the workplace, report it to your organization’s IT team right away. If you’re at home, and it involves your credit card or bank, make sure you contact them directly for next steps. This may involve cancelling your credit card, updating your password, or adding another layer of security with multi-factor authentication.
If it involves another service such as your internet or cellphone company, you can reach out to those providers as well — they'll know whether the message is legitimate and can direct you from there.
To avoid being caught, always stay vigilant and aware.
To figure out how your team/organization can reduce cyber risk, reach out to the Beauceron Security Team @ firstname.lastname@example.org or 1-877-516-9245.