No Phishing Allowed!


Harshita
October 19, 2021


Did you know that the number of phishing attacks around the world has increased significantly over the past year? According to the FBI’s IC3 annual report for 2020, there were 241,342 complaints in the country, with losses amounting to around $54 million. This staggering number covers phishing crimes alone; when some of the more harmful attacks on small businesses and companies are included, the amount only increases. However, there are simple ways to help protect your devices from phishing attacks and make sure everyone stays safe.

What is Phishing?

The term phishing was originally coined around 1966 and refers to hackers tricking users into clicking on spoofed links in an email or on a website. Once directed to the fake website, the user is tricked into providing sensitive information such as their full name, birthday, account numbers, addresses, and even work emails, allowing the hacker to easily break into the person’s account and steal valuable information. What the hacker can steal and use against you varies greatly depending on the context; however, attackers most commonly strike where there is monetary value. This can include emails posing as your bank or a fake website claiming to sell a product that is sold out in other areas. With an increasing number of people depending on technology and online resources, hackers can easily gather specific information about a single person and their lifestyle.

How can you spot it?

Spotting phishing attacks and protecting oneself takes more than gut instinct, but there are some simple ways to spot potential attacks. The image below is an example of a common type of email that a user might receive from an attacker. Nothing in the body of the message looks out of the ordinary; it seems like a regular alert message for the user. In this instance, first check the header, which shows whether the email came from a valid source. In the first image, the message is from alerts@okto.com; however, the software named in the message is Okta. This discrepancy between the sender's domain and the name of the software can be a helpful indicator that this email is not safe.

Another way to make sure that an email or link is from a trusted domain is to hover over the link. In the image below, hovering over the word "link" shows the destination it leads to; in this case, it takes the user to a website named okto when it is supposed to be okta, as stated in the body of the email. Checking that this path is consistent and free of typos helps confirm that the email can be trusted.

Finally, another simple way to spot a phishing attempt is to look for grammatical or punctuation errors in the email.
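
The sender and hover checks described above can also be run automatically over a message. The following is an added example, not part of the original article: the `TRUSTED` table, the constructed `SAMPLE` message and all function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand names the reader relies on, mapped to their real domains.
TRUSTED = {"okta": "okta.com"}

# Constructed sample modelled on the article's okto/okta example.
SAMPLE = """From: Okta Alerts <alerts@okto.com>
Content-Type: text/html

<p>Your Okta session expired. Use this
<a href="https://login.okto.com/reset">link</a> to sign in.</p>
"""

class LinkCollector(HTMLParser):  # gathers each link's real href (what hovering shows)
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos such as okto/okta."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def base_domain(host):
    # Simplification: last two labels only; production code needs the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

def check_message(raw):
    msg, findings = message_from_string(raw), []
    body = msg.get_payload()
    sender = base_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    for brand, good in TRUSTED.items():
        if brand in body.lower() and sender != good:  # body names a brand the sender is not
            findings.append(f"sender {sender} does not match {good}")
    links = LinkCollector()
    links.feed(body)
    for dom in (base_domain(urlsplit(h).hostname or "") for h in links.hrefs):
        findings += [f"link to {dom} imitates {g}" for g in TRUSTED.values()
                     if dom != g and edit_distance(dom, g) <= 1]
    return findings
```

Calling `check_message(SAMPLE)` reports both the mismatched sender and the lookalike link; the same message sent from and linking to okta.com produces no findings.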

What can you do to protect yourself?

Protecting yourself and others might seem like a daunting task. With so many websites and emails being sent on a daily basis, it is important to take a few precautions to protect oneself.

  1. Protect your computer and mobile devices by constantly updating the software and using security software as necessary.
    1. Many applications, such as email, already have built-in software to help protect their users from security threats. However, it is important to check in periodically and update the software so that the device stays up to date and can continue to protect the user’s data.
  2. Protect your accounts with Multi-Factor Authentication
    1. Multi-Factor Authentication (MFA) is where the application requires the user to enter two or more sets of credentials to access the information. Many applications have this feature, and it is helpful to use it for important applications so that if a hacker does get your username and password, they will not be able to access your account and the information inside will still be safe.
  3. Protect your data by backing it up
    1. Backing up information from your computer or mobile device helps reduce the amount of information a hacker can potentially have access to. However, make sure to back up the information to an external hard drive or to cloud storage so that it is harder for a hacker to get access to the information.
  4. Make sure the email is from a trusted user
    1. Using the techniques mentioned above, always take the time to make sure that the email was sent from a verified and trusted source. If you are not sure, it is always recommended to use another form of communication to confirm that the email or message was sent by the intended user.

Last but not least,

  1. DO NOT EVER PROVIDE PERSONAL INFORMATION
    1. This is important and cannot be stated enough. Do not provide personal information to another user through email, no matter how close you are with them. It is always better to provide the information, if possible, in person or by calling the person. Personal information can include account information, important files and documents with company data and information, or usernames and passwords to different accounts.

Reporting

Once a suspicious email is found, it is important to prevent the spread by sharing it with others. Whether it is your colleagues or your friends and family, spreading the word helps the community stay safe. Finally, if you come across an email that you are not sure of but that seems suspicious, do not click on anything and simply delete it. It is always easier to bring a message back from the trash folder than it is to recover from a phishing attack.

Additional Resources:

https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

https://www.umass.edu/it/freshphish – Phishing email attempts with explanations

http://www.phishing.org/phishing-examples – Phishing email examples

https://www.eff.org/privacybadger – Privacy Badger

https://toolbar.netcraft.com/ – Netcraft Anti-Phishing Tool

https://duckduckgo.com/app – Privacy Essentials
