No Phishing Allowed! - Softrams

Harshita
October 19, 2021

A hacker being blocked from his phishing attempt.

Did you know that over the past year there has been a significant increase in the number of phishing attacks around the world? According to the FBI’s IC3 annual report for 2020, there were 241,342 complaints in the country, with losses amounting to around $54 million. This staggering number covers phishing crimes alone; when some of the more harmful attacks on small businesses and companies are included, the amount only increases. However, there are simple ways to help protect your devices from phishing attacks and make sure everyone stays safe.

What is Phishing?

The term phishing was originally coined around 1966 and refers to hackers tricking users into clicking on spoofed links in an email or on a website. Once directed to the fake website, the user is tricked into providing sensitive information such as their full name, birthday, account numbers, addresses, and even work emails, allowing the hacker to easily break into the person’s account and steal valuable information. What the hacker can steal and use against you varies greatly depending on the context; however, attackers most commonly strike where there is monetary value involved. This can include sending emails posing as your bank, or setting up a fake website claiming to sell a product that is sold out elsewhere. With an increasing number of people depending on technology and online resources, hackers are able to easily gather specific information about a single person and their lifestyle.

How can you spot it?

Spotting phishing attacks and protecting oneself takes more than gut instinct, but there are some simple ways to spot potential attacks. The image below is an example of a common type of email that a user might receive from an attacker. Looking at the body of the message, nothing is out of the ordinary; it seems like a regular alert message for the user. In this instance, first check the header, which lets the user tell whether the email came from a valid source. In the first image, the message is from alerts@okto.com; however, reading through the message, the name of the software being mentioned is Okta. This discrepancy between the sender's domain and the name of the software in the message can be a helpful indicator that this email is not safe.

Another way to make sure that the email or link is from a trusted domain is to hover over a link. In the image below, hovering over the word "link" shows the destination it leads to; in this case, it takes the user to a website named okto when it is supposed to be okta, as stated within the body of the email. Making sure this path is consistent and free of typos helps confirm that the email can be trusted.
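The two checks described above (the sender's domain in the header and the real destination behind a link) can also be automated. The following is an added example, not part of the original post: it parses a constructed sample email modelled on the okto.com/Okta case and flags domains that are a near miss of a trusted one. The `TRUSTED` set, the edit-distance threshold of 2, and the two-label domain shortcut are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"okta.com"}  # assumption: the domains you actually expect mail from
# Constructed sample modelled on the article's okto.com/Okta example.
SAMPLE = (
    "From: Okta Alerts <alerts@okto.com>\nContent-Type: text/html\n\n"
    "<p>Okta detected an unusual sign-in. Review it at this "
    '<a href="https://login.okto.com/verify">link</a>.</p>\n'
)

class LinkCollector(HTMLParser):
    """Records the real destination (href) behind each link's visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(host):
    # Simplification: last two labels; production code needs the Public Suffix List.
    domain = ".".join(host.lower().rstrip(".").split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    near = any(edit_distance(domain, t) <= 2 for t in TRUSTED)
    return "lookalike" if near else "unknown"

def check_email(raw):
    """Return (where, value, verdict) for the sender and every link target."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1]
    findings = [("From", sender, classify(sender.rpartition("@")[2]))]
    body = msg.get_body(preferencelist=("html",))
    links = LinkCollector()
    links.feed(body.get_content() if body else "")
    return findings + [("link", h, classify(urlsplit(h).hostname or ""))
                       for h in links.hrefs]
```

On the sample, both the sender and the link come back as "lookalike", which is the same one-letter discrepancy a reader would catch by eye.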

Finally, another simple way to spot a phishing email is to look for any grammatical or punctuation errors in the message.

What can you do to protect yourself?

Protecting yourself and others might seem like a daunting task. With so many websites and emails being sent on a daily basis, it is important to take a few precautions to protect oneself.

  1. Protect your computer and mobile devices by constantly updating the software and using security software as necessary.
    1. Many applications, such as email, already have built-in software to help protect their users from security threats. However, it is important to check in periodically and update the software so that the device is up to date and can continue to protect users’ data.
  2. Protect your accounts with Multi-Factor Authentication
    1. Multi-Factor Authentication (MFA) is where the application requires the user to enter two or more sets of credentials to access the information. Many applications have this feature, and it is helpful to use it for important applications so that if a hacker does get your username and password, they will not be able to access your account and the information inside will still be safe.
  3. Protect your data by backing it up
    1. Backing up information from your computer or mobile device helps reduce the amount of information a hacker can potentially have access to. However, make sure to back up the information to an external hard drive or cloud storage so that it is harder for a hacker to get access to the information.
  4. Make sure the email is from a trusted user
    1. Using the techniques mentioned above, always take the time to make sure that the email was sent from a verified and trusted source. If you are not sure, it is always recommended to use another form of communication to confirm that the email or message was sent by the intended user.

Last but not least,

  1. DO NOT EVER PROVIDE PERSONAL INFORMATION
    1. This is important and cannot be stated enough. Do not provide personal information to another user through email, no matter how close you are with them. It is always better to provide the information, if possible, in person or by calling the person. Personal information can include account information, important files and documents with company data and information, or usernames and passwords to different accounts.

Reporting

Once a suspicious email is found, it is important to prevent the spread by sharing word of it with others. Whether it is your colleagues or your friends and family, spreading the word helps the community stay safe. Finally, if you come across an email that you are not sure of but that seems suspicious, do not click on anything and simply delete it. It is always easier to bring a message back from the trash folder than it is to recover from a phishing attack.

Additional Resources:

https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

https://www.umass.edu/it/freshphish – Phishing email attempts with explanations

http://www.phishing.org/phishing-examples – Phishing email examples

https://www.eff.org/privacybadger – Privacy Badger

https://toolbar.netcraft.com/ – Netcraft Anti-Phishing Tool

https://duckduckgo.com/app – Privacy Essentials


