PHISHING ATTACKS: 9 BAD HABITS MALICIOUS S LOVE. Proactive IT Solutions.

Size: px

Start display at page:

Download "PHISHING ATTACKS: 9 BAD HABITS MALICIOUS S LOVE. Proactive IT Solutions."

Chad Holland
5 years ago
Views:

1 PHISHING ATTACKS: 9 BAD HABITS MALICIOUS S LOVE Proactive IT Solutions

P2 PHISHING ATTACKS: 9 BAD HABITS MALICIOUS EMAILS LOVE A business professional without an overactive, overflowing, and entirely overwhelming inbox is like a peanut butter and jelly sandwich without

2 P2 PHISHING ATTACKS: 9 BAD HABITS MALICIOUS S LOVE A business professional without an overactive, overflowing, and entirely overwhelming inbox is like a peanut butter and jelly sandwich without the peanut butter. No one wants that. is a necessary and vital component of any business, and without it, many things simply wouldn t happen. This being said, isn t exactly the friendliest technology on the block. At first, you see nothing but the beautiful, well-lit path of communication before you. It isn t until later that you start to notice all those dark alleyways. Will you be curious and venture down one someday? Probably. Will you be exposed to things like malware and data loss as a consequence? You betchya. Typically, these dark alleyways are the direct result of phishing attacks. PhishLabs describes these attacks as hacking the human, and that s exactly what it is. Phishing is a malicious created to hack the human brain and dupe a professional (or nonprofessional) into dropping standard security protocols and procedures. In most cases, the hacker wants the hackee to send over private information, click on a corrupt link, or download a malwareinfested document. In 2016, the digital realm was home to 1.2 million of these brain-hacking phishing attacks - a 65% increase from And 91% of these attacks targeted five industries in particular - financial institutions, cloud storage & file hosting services, webmail & online services, payment services, and ecommerce companies. So sorry to break it to you but anyone, anywhere, at any point is a target. However, certain humans can be more susceptible to these attacks than others, and this is because they re pretty good friends with habits that love to take long, romantic walks down dark, desolate alleyways. Unfortunate, but true. Here are just a few of the habits malicious s love to exploit.

3 P3 YOU BARELY NOTICE THE SENDER. 1 All s come from a trusted source that is, until you realize they don t. But the key is realizing this before you take any action inside an . As an example, a phishing could claim to originate from Netrix IT; however, if you take a look at the address, it reads Support@Netrix1T.com. That address is not the same as Support@NetrixIT.com. While the addresses aren t off by a lot, they are off by enough. And enough is all it takes for an attack to go down successfully. YOU FORGIVE GRAMMATICAL MISTAKES. Yes, people misspell words all the time; they forget to add periods, and they leave out commas. However, if you receive an from a large company or well-known brand, this should not be the case. s from reputable sources are edited multiple times by multiple people. Typically, this should leave you with an error-free . So if you do happen to spot an error, don t be so quick to forgive it. Feel free to hold it against that company, and delete the immediately. 2 YOU RE CLICKER HAPPY. 3 All links are not created equal. So if you spot one inside an from an unknown source, try your very best to avoid clicking it. You can hover over the link and see where it plans to redirect you to; but in some cases, you still can t fully trust it. In these instances, go directly to the source without using anything inside the to get you there. Or, trash the and forget it ever existed.

4 P4 YOU RE A PROFESSIONAL DOWNLOADER. When it comes to downloading documents within an , do so with caution. Download the wrong item and severe damage could pull up a seat next to you. You don t want that. As it is with corrupt links inside a phishing , you should never download something from an unknown source. However, if the download does come from a known and trusted source, then you ll need to ensure that everything lines up appropriately (which can be tricky). In other words, does it make sense that this specific person is sending you this particular document for whatever reason given? 4 YOU DON T OVERANALYZE ANYTHING. Sure, over analyzing personal situations could land you in some 5 pretty awkward situations. But when it comes to s, you should always overanalyze every last piece of it. From the timing and the call-to-action to the sender and the choice of words, it s important to be overly critical of it all. For instance, say you send payments to a certain vendor every Thursday afternoon as requested, but for some reason, this vendor is now asking for a payment to be made on a Tuesday morning. The timing is off, but why? Instances like these need to considered carefully. If s run outside standard protocols, procedures, and routines, you need to figure out the reason behind it. YOU RESPOND TO ANYONE, ABOUT ANYTHING. At the end of the day, is is . What you put inside an might be seen by a handful of people you never thought would see it. This being said, don t hand over information to someone simply because they ask for it. Take your time, analyze the why behind the request, and consider your options. If it s something like a social security number, credit card number, or password, find another way to complete the request. You could always go directly to the source and handle business outside the . 6

5 P5 YOU IGNORE THE SUBJECT LINE. 7 The subject line could be an indicator of a phishing attack. This is because cyber criminals love to sprinkle a little fear over everything. Typically, this involves language such as urgent, requires immediate attention, or must read now. While subject lines aren t the end-all-be-all of determining the legitimacy of an , evaluating the language and tone can help you come to a better decision. YOU TAKE THE SUBJECT LINE TOO SERIOUSLY. On the flip side of things, you could do the opposite of ignore the subject line and take it way too seriously. The subject line says to take immediate action, so, by golly, you take immediate action. However, this is exactly what the wants you to do - for you to accept the scare tactic with open arms and blindly take action. Clearly, this would be a mistake. Don t ignore the subject line, but then again, don t take it too seriously either. 8 9 YOU RE OKAY WITH THINGS BEING GENERIC. If you receive an from a company you currently do business with, they should know your name. So if the fails to address you by name and instead, says something like Dear Customer, remain suspicious of it. Then, if it goes a step further and asks you for something (like login credentials, credit card information, or personal details), then be very suspicious of it.

P6 AT NETRIX IT, WE PROVIDE NETWORK SECURITY SERVICES TO BUSINESSES OF ALL SHAPES AND SIZES.

outs of cyber security, then give us a call today. You can also send us a message or visit our site.

6 P6 AT NETRIX IT, WE PROVIDE NETWORK SECURITY SERVICES TO BUSINESSES OF ALL SHAPES AND SIZES. We help these companies avoid malicious attacks like phishing, and we help them understand cyber security best practices. If you d like to learn more about our services or if you simply want to know more about the ins and outs of cyber security, then give us a call today. You can also send us a message or visit our site Corporate Center Drive, Suite 190, Eagan, MN sales@netrixit.com 4733 Amber Valley Parkway, Suite 104, Fargo, ND sales@netrixit.com

Train employees to avoid inadvertent cyber security breaches

Train employees to avoid inadvertent cyber security breaches TRAIN EMPLOYEES TO AVOID INADVERTENT CYBER SECURITY BREACHES PAGE 2 How much do you know about cyber security? Small business owners often lack