Cybersecurity and phishing

Learning to not take cybercriminals' bait

In today’s complex digital world, cybersecurity has become a major concern for individuals and businesses across the globe. With an estimated 5.3 billion active internet users worldwide, a cyberattack can come from anywhere at any time.

Specifically, one of the biggest threats to cybersecurity is something called “phishing.” Phishing is when scammers use fake emails, social media posts and direct messages, purporting to be from a reputable business. This fraudulent practice is used to induce recipients to reveal personal, and most often financial, information.

What to look for

While some phishing attempts are obvious and easily identifiable, others are often either more sophisticated or easily overlooked. It’s important to know what to look for when discerning between legitimate and fraudulent online communications. One of the most obvious indicators that an email, for instance, is fraudulent is that it comes from a public email domain. For example, no legitimate business will ever send you a message from “@gmail.com.” Sometimes the sender will even include a customized name to appear legitimate, for instance, AccountSupport@gmail.com, but it’s imperative to remember that the important part of the email address is what comes after the “@” symbol.

Another key factor to be aware of is misspelling. Oftentimes we don’t check every letter of an email sender’s address or every word of their message, but both are worth reading carefully. If you receive regular emails from your financial institution, doctor, or anyone or any business with whom you regularly communicate, a good practice is to save their addresses to your address book.

Further, be aware of suspicious attachments and think before you click. While the contents and delivery method of phishing emails vary, they all contain one thing: a payload. A payload is seen in the form of an attachment you’re told to download, or a link to a bogus website. The purpose of these payloads is to capture sensitive information such as financial information, credit card details, phone numbers or login credentials.

Oftentimes, these attachments and links are accompanied by a message that has an urgent call to action. For instance, scammers will send fraudulent emails telling you that your bank account security has been compromised and to “click here to immediately change your password.”
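The warning signs above (a public email domain, a misspelled sender address, and an urgent call to action) can be checked mechanically. The following is an added example, not part of the original article: the domain list, the urgency keywords, the function names and the sample messages are all assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumed starter lists; extend them for your own mail flow.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URGENT = re.compile(r"\b(immediately|urgent|right away|click here|compromised)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of known domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(from_header, body, address_book):
    """Return the warning signs found in one message."""
    _, addr = parseaddr(from_header)          # drops the display name
    domain = addr.rpartition("@")[2].lower()  # the part after the "@"
    saved = {a.lower() for a in address_book}
    known = {a.rpartition("@")[2] for a in saved}
    flags = []
    if domain in PUBLIC_DOMAINS and addr.lower() not in saved:
        flags.append("public-email-domain")
    elif domain not in known:
        # One or two characters away from a saved sender's domain.
        for k in sorted(known):
            if 0 < edit_distance(domain, k) <= 2:
                flags.append(f"misspelled-domain:{k}")
    if URGENT.search(body):
        flags.append("urgent-call-to-action")
    return flags

# Constructed sample data (reserved .example domains, not real senders).
ADDRESS_BOOK = ["alerts@mybank.example"]
SAMPLES = [
    ("Account Support <AccountSupport@gmail.com>",
     "Your bank account security has been compromised. Click here to immediately change your password."),
    ("My Bank <alerts@mybamk.example>", "Your monthly statement is ready."),
    ("My Bank <alerts@mybank.example>", "Your monthly statement is ready."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, "->", triage(sender, text, ADDRESS_BOOK))
```

An empty result only means none of these three signs was found; it does not establish that a message is legitimate.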

What to do

If you think that an email is fraudulent, it’s safer to call the business at a verified phone number to have them confirm or deny your suspicion. If the message is fraudulent, you can most likely simply delete the email. If you recognize that an email sent to your work address may be fake, report it to your IT manager promptly. Remember, one spam email can infect a company’s entire system! You can take further steps to protect yourself and your company by blocking the address from your email service.

Of course, there are preventative measures to take to avoid becoming a victim of phishing in the first place. Creating strong passwords is one of the best ways to prevent a cyberattack. Use long and complex passwords—even better, have your computer or phone generate them for you, and change these passwords often.

Another way to ensure the security of your information and online presence is to enable multi-factor (also called “two-factor”) authentication. This process is a way to verify your identity twice when logging into sensitive websites and apps. For example, by entering your password on the web, then entering credentials sent to your phone to verify that it is indeed you who is logging in, you vastly decrease the chances of a cybercriminal accessing your online accounts. Multi-factor authentication is one of the best ways to prevent a fraudulent login attempt from a scammer. For more resources on how to ensure online security, see Southland’s tips on account safety.

Remember, phishing comes in many forms. While email is the most common form of phishing, texts, phone calls and social media posts are becoming increasingly popular in the cybercrime world.