Protecting yourself from phishing, smishing and vishing
posted by Ben Hayden on Tuesday, October 9, 2018 in SHAZAM Blog
There’s a lot of junk email and some of it is very dangerous. Every day we’re tasked with having to guess if something is legitimate. And most importantly, none of us want to be the one who lets the bad guy in. Right?
According to FireEye, an international information security firm, 68 percent of junk emails are automatically blocked by the technology resources at your organization. As for the remaining 32 percent, each employee has to make a decision about its legitimacy. We don’t want to be compromised, yet we’re left guessing if about one-third of our email messages are for real. The odds aren’t in our favor, leaving us frustrated and stressed. The good news is that there are some easy habits and mental tricks to win the game.
Phishing
Phishing emails are created to appear as if they’ve been sent by a legitimate organization or person. With the decline of attached files, content-focused messages are much more common. This means that bad guys are gathering personal information found on social media and websites then using it to create very realistic messages asking for you to click a link, reply to or forward the email. This email might not even be the actual attack — it could be paired with one of the following techniques to improve its realism.
SMiShing
A form of phishing that uses text messages is known as SMiShing or smishing. It’s best to just ignore these text messages. If you get a text, look at the sender and then find their contact information by some other means. For example, if your financial institution texts you and asks if you made a recent purchase, don’t reply to the text. First, go to the internet and find their website and phone number. Then, call and ask about the text. If they didn’t send the text, delete it. Mobile phone security is very weak and could have far-reaching and dangerous effects.
Vishing
All phone users are vulnerable to vishing schemes. If you receive a phone call that requests information, be sure to ask questions to ensure you’re speaking to a reputable organization. Because requests made over the phone are so common, yet vary so much, the best thing to do is ask your institution’s leadership for guidance. Determine who is responsible for answering requests and how should the requests should be verified for authenticity.
To prevent attack, implement these tips:
- Never trust an email that comes from an address that you don’t recognize.
- If the email seems to be legitimate, take the time to look at the content. Does the request seem sensible?
- Look for ways to verify the sender’s request using other resources, such as an internet search.
- Develop a decision tree for handling business requests. Know who is authorized to accept these requests and train that person on how to verify and how to handle them.
Protecting our data from attack is our shared responsibility. By monitoring email, texts and phone calls we can better evaluate the authenticity of the information we receive and know when to throw it out or not respond.
Tags
- cybersecurity
- phishing
- vishing
About the Author
Ben Hayden utilizes his expertise in cyber investigations, financial crimes and digital forensics to assist financial institutions in evaluating their cybersecurity vulnerabilities. He manages SHAZAM’s risk management services, helping member institutions mitigate their risks in information
... read entire bio
SHAZAM, Inc. and ITS, Inc. provide this blog for general informational purposes only. Our blog may be shared by a direct link wherein the content remains as originally presented and has not been altered. SHAZAM, Inc. and ITS, Inc. assume no responsibility for errors or omissions in the contents on the blog. By using this blog, reader agrees that the information published does not constitute nor is a substitute for legal advice which should only be sought from a qualified, licensed attorney.
Comments
comments powered by