Social Engineering Series
We are starting a series explaining the tactics hackers use and what you can do to protect yourself and your business. We will run through the basics of phishing, watering hole, whaling, pretexting, baiting and quid pro quo attacks, and tailgating. Today, we are discussing phishing.
Phishing attacks are still the predominant form of social engineering. Email and social media sites, including instant, direct and SMS messaging, are used to gather personal information or to trick the victim into visiting a malicious site.
Some common characteristics of phishing:
* Emails often appear to come from someone you know or have done business with. The email address may be just one letter off from a correct one. Images, logos and text may have been copied from legitimate sites to make the message more convincing. Be wary, especially if anything is unusual, such as a money wire or poor grammar.
* There may be a sense of urgency to the email. Don’t let it pressure you into giving out personal information.
* Don’t click on a link until you are certain the email is legitimate. Many links look very similar to the addresses of real websites, so be cautious. Double-check the web address, and hover your mouse over the link to see where it actually points, but don’t click yet.