Identify and Combat Phishing Attacks
Posted October 11, 2022 by Chris Glanden
In honor of National Cybersecurity Awareness Month, Sayers will be releasing a series of short videos focused on various cybersecurity topics. In this episode, I’d like to provide you with some steps to identify and combat phishing attacks.
When a social engineering attack occurs, the attacker uses human interaction (typically via social skills) to obtain or compromise information about an individual, organization, or system. One of the main methods used in a social engineering attack is phishing. Phishing is the #1 attack vector cyber criminals use to steal this information. Phishing can come in various formats such as email, social media, SMS messages (smishing) and even phone (vishing). These convincing lures rely on the recipient to take some type of action. Often it’s clicking on a malicious link that infects the system, providing the attacker with sensitive information, or taking an action such as sending funds or purchasing a gift card for them. Adversaries go out of their way to ensure these attempts look authentic and enticing. They can even be targeted to specific users for more lucrative gain (known as Whaling) or to a general population (AKA Pharming). Regardless of the specific name for each, these are all forms of phishing, which we all need to be cognizant of.
Here are 5 quick ways you can combat phishing, and other types of social engineering attacks.
1. Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other sensitive internal information, especially ones indicating “high importance” or “immediate payment needed.” Often, attackers create a false sense of urgency, to have the victim act quickly.
2. Verify the Source. Be sure to check the sender’s name, email address, phone number and other details carefully. The smallest detail could indicate the engagement is not legit. Even if you believe you know the sender, perform your due diligence as the sender’s account may be compromised. If you’re not 100% sure, try to verify it by contacting the known entity directly over a separate communication method.
3. Look for spelling errors, grammar mistakes, suspicious attachments and unusual requests. These are all common indicators of a phishing attempt. Stay vigilant, and always check the contents of a request before you click or respond.
4. Delete or report any request for financial information or passwords. If you get asked to respond to a message with personal information, or provide payment information, it’s highly likely that it’s a scam.
5. Leverage technology controls such as anti-phishing features offered by your email client and web browser. Also, enforce multi-factor authentication (MFA) as a second layer of protection in case your credentials are breached.
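The manual checks in tips 1, 2 and 4 can also be run over a raw email message, shown here as an added example that is not part of the original post. The phrase lists, indicator names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Phrase lists are assumptions drawn from the tips above; tune them for your mail.
URGENCY = ("high importance", "immediate payment", "urgent", "act now")
SENSITIVE = ("password", "gift card", "bank account", "payment information")

# Constructed sample messages using reserved example domains.
SUSPICIOUS = """\
From: "it-helpdesk@example.com" <notice@example.net>
Reply-To: collect@example.org
Subject: HIGH IMPORTANCE: account locked

Reply with your password today to keep access.
"""
BENIGN = """\
From: Dana <dana@example.com>
Subject: Lunch on Thursday?

Does noon still work for you?
"""

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def phishing_indicators(raw):
    """Return the indicators from tips 1, 2 and 4 found in one raw message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # multipart bodies skipped
    text = (msg.get("Subject", "") + "\n" + body).lower()
    found = []
    if any(p in text for p in URGENCY):  # tip 1: false urgency
        found.append("urgency")
    # Tip 2: the display name shows an address from a different domain.
    shown = re.search(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", name)
    if shown and shown.group(1).lower() != _domain(from_addr):
        found.append("display-name-mismatch")
    # Tip 2: replies would go to a different domain than the sender's.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        found.append("reply-to-mismatch")
    if any(p in text for p in SENSITIVE):  # tip 4: credential or payment request
        found.append("sensitive-request")
    return found
```

A hit is a prompt to verify the sender over a separate channel, not a verdict: mailing lists and ticketing systems legitimately set a Reply-To on another domain.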
LASTLY – It’s important to act if you fall victim to, encounter, or suspect a phishing attempt.
DON’T RESPOND. DON’T CLICK ANYTHING. And be sure to INFORM YOUR ORGANIZATION’S INFORMATION SECURITY DEPARTMENT ASAP.
That’s all for this episode. If you would like to learn more about Sayers and our service offerings, please visit www.sayers.com. Thank you.