Preventing Phishing Attacks
By: Ikzyanid Brache and Mr. Frederique
In our cybersecurity class last week, we learned about phishing attacks. In the spirit of celebrating National Cybersecurity Awareness Month as a 2020 Champion, we’re happy to share a few tips with the PCTA community on how to prevent, and recover from, a phishing attack.
What’s a phishing attack?
Phishing attacks are one of the most common forms of social engineering. Social engineering “is the act of tricking someone into divulging information or taking action, usually through technology. The idea behind social engineering is to take advantage of a potential victim’s natural tendencies and emotional reactions.” Phishing uses email, text messages, or malicious websites to trick you into handing over personal and financial information directly (for example, by typing your password into a fake login page) or into installing malware that collects that information for the attacker.
Cybercriminals try to lure users into clicking a link or opening an attachment that infects their computer and opens the door to further attacks. Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. The email may also ask for personal information such as account numbers, passwords, or Social Security numbers. In many cases the attacker uses threats to create panic and pressure the user into entering personal information in an electronic form. In the well-known IRS scam, for instance, the phisher threatens that the IRS will pursue the victim for tax fraud if they refuse to provide the information. Since the start of the COVID-19 outbreak in January, cybercriminals have launched waves of phishing attacks that exploit consumers’ trust in big-name videoconferencing platforms, hospitals, and government agencies in order to steal personal information and do real harm.
How can I prevent phishing attacks?
Phishing attacks are preventable. The National Cybersecurity Alliance and its partners propose these simple steps:
Play hard to get with strangers. Links in email and online posts are often the way cybercriminals compromise your computer. If you’re unsure who an email is from, even if the details appear accurate, do not respond, and do not click on any links or attachments in that email.
Be cautious of generic greetings such as “Hello Bank Customer,” as these are often signs of phishing attempts. If you are concerned about the legitimacy of an email, call the company directly, using a phone number from its official website or your account statement rather than one printed in the email.
Think before you act. Be wary of communications that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.
Protect your personal information. If people contacting you have key details from your life—your job title, multiple email addresses, full name, and more that you may have published online somewhere—they can attempt a direct spear-phishing attack on you.
Be wary of hyperlinks. Avoid clicking on hyperlinks in emails; hover over a link to see where it really goes, and check that the domain in the address matches the organization the email claims to be from. Also check whether the URL begins with “https.” The “s” means the connection is encrypted, which protects your information while it travels to the site, but it does not prove the site is legitimate: phishing sites routinely use https too, so treat it as necessary, not sufficient.
Double your login protection. Enable multi-factor authentication (MFA) so that a stolen password alone is not enough to get into your account. Use it for email, banking, social media, and any other service that requires logging in. Where a service offers the choice, prefer an authenticator app or a hardware security key over codes sent by SMS, which can themselves be intercepted or phished.
Shake up your password protocol. According to NIST guidance, use the longest password or passphrase the site permits. Use a different password for every site rather than a variation of one “standard” password: attackers who obtain a password in one breach try it, and obvious variants of it, against your other accounts. Use a password manager to generate and remember a different, complex password for each of your accounts.
Install and update anti-virus software. Make sure all of your computers, phones, and tablets run regularly updated antivirus/anti-malware software, firewalls, and email filters, and keep the firmware on Internet of Things (IoT) devices, which usually cannot run antivirus software themselves, up to date.
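The “hover over the link” advice above can be turned into a small, mechanical check. The script below is an added example written for this page, not code from the original post or from the National Cybersecurity Alliance: it pulls every link out of an HTML email body and flags the tricks the tips describe: visible text that names one domain while the link points at another, a raw IP address as the host, a punycode/IDN lookalike, and plain http:// links. The sample message, its domains (RFC 2606 reserved names) and the documentation-range IP address are constructed for the demo and refer to no real organization. Note that three of the four suspicious links use https, which is exactly why the “s” alone proves nothing.

```python
"""Hover-before-you-click, done programmatically (added example, stdlib only)."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress
import re


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []     # text seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude 'last two labels' approximation of the registrable domain.
    Fine for the demo; a production tool would consult the Public Suffix List."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


# Something that looks like a domain name written in the visible link text.
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def check_link(href, text):
    """Return a list of warning strings for one link; an empty list means nothing odd."""
    warnings = []
    url = urlparse(href)
    host = url.hostname or ""
    if url.scheme not in ("http", "https"):
        return [f"non-web scheme {url.scheme!r}"]
    if url.scheme == "http":
        warnings.append("plain http:// link (no transport encryption)")
    try:
        ipaddress.ip_address(host)          # raises ValueError for normal hostnames
        warnings.append(f"host is a raw IP address ({host})")
    except ValueError:
        pass
    if "xn--" in host:                      # IDN label: may be a homoglyph lookalike
        warnings.append(f"punycode/IDN host ({host}); possible lookalike")
    # The classic trick: the text shows the bank's domain, the href goes elsewhere.
    m = DOMAIN_IN_TEXT.search(text)
    if m and registrable_domain(m.group(1)) != registrable_domain(host):
        warnings.append(f"text says {m.group(1)} but link goes to {host}")
    return warnings


def audit_email(html_body):
    """Return {href: [warnings]} for every link found in the HTML body."""
    parser = LinkExtractor()
    parser.feed(html_body)
    return {href: check_link(href, text) for href, text in parser.links}


# Constructed sample message: reserved .example/.test names, TEST-NET-3 address,
# and a made-up punycode label (the check only keys on the "xn--" prefix).
SAMPLE = """<p>Dear Bank Customer,</p>
<p>Your account will be suspended in 24 hours. Please
<a href="http://203.0.113.7/verify">log in now</a> to confirm your identity.</p>
<p>Or visit <a href="https://bank-example.accounts-verify.test/">www.bank.example</a>.</p>
<p>Or use <a href="https://xn--bnk-example-lya.test/">our secure site</a>.</p>
<p>Help centre: <a href="https://www.bank.example/help">www.bank.example</a></p>
"""

if __name__ == "__main__":
    for href, problems in audit_email(SAMPLE).items():
        verdict = "; ".join(problems) if problems else "nothing suspicious"
        print(f"{href}\n    {verdict}")
```

Only the last link, whose visible text and real destination agree and whose host is a normal hostname, comes back clean; the other three are flagged even though two of them are served over https.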
How can I recover from a phishing attack?
If you believe you’ve been the victim of a phishing attack, or if you’re facing one right now as you read this post, here are the steps to take to recover:
Disconnect your computer or device immediately from the Internet.
Make a backup of your sensitive personal information or files.
Change your credentials, including passwords and bank account logins, and do it from a device you know is clean: changing them on the infected machine may hand the new ones straight to the attacker.
Scan your system for malware.
Set a fraud alert by immediately contacting your bank and the three major credit bureaus (TransUnion, Equifax, Experian).
Report the incident to the Federal Trade Commission (FTC) if you believe your identity is at risk of being stolen.
11 comments:
Hi, I think that having these articles available to us, helps us to be reminded of what we need to do to keep safe. Thank you
Congratulations on this article and good advice. Your suggestions raise several questions for me. Maybe you can address them in a future piece.
1. When "shaking up my PW protocol," are there some practical tips on how to keep track of all the PWs life seems to require these days?
2. Re: anti-virus software, how do I know whether I have it or not? Does it come with my phone? my computer? Do I pay extra for it?
3. How do I scan for malware?
Keep up the good work,
Mr. R
This article was very informative; I like how you added tips on how to prevent these attacks.
Thank you for reminding me of what we need to do to stay safe. I also learned a couple of new things.
It helps us to stay alert on what we need to do to stay safe. JR
Thank you for teaching me ways I can recover from a phishing attack.
Thank you for reminding us what the definition is. We should all be alert.
This was a very informative blog; thank you for sharing.
This is telling me to carefully look at it before I just start clicking. Very informational.
Thank you for this blog it has a lot of important information.
Josue
Mr. R. has raised some very important questions in his comment. First, how can we keep up with all our passwords? As we change our passwords frequently and use different ones for various accounts, keeping up with passwords is definitely a major issue. The best solution is to use a password management tool. Most Internet browsers like Google, Microsoft Edge, Safari, etc. offer to securely save your passwords in the cloud for you. You may also use free third-party software to do just that for you. Check this link https://bit.ly/3jtwOxZ for some popular names out there.
As far as anti-virus software goes, you'll be happy to know that the latest Windows 10 comes with a built-in anti-malware tool called Windows Security that is known to work very well. So, if you have a Windows PC or laptop, you don't need to pay for extra anti-virus software to protect your device. Sometimes, for various reasons, having two antivirus programs installed might slow down your computer. For the phone, you may need to check the app store to see what's available for free; otherwise you may need to speak with your phone carrier.
Scanning for malware is a simple process, but it depends on what antivirus software you have. If you choose to use Windows Security like me, click on this link https://bit.ly/3jvlcuG to scan and remove malware from your computer.
Hope we covered all your questions Mr. R. Please, feel free to let us know if you need any additional support.