By Austin Sherman, Emery Telcom IT Specialist
Phishing? I thought it was spelled fishing?
In the hacker world, phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details (and, indirectly, money), often for malicious reasons, by posing as a trustworthy entity in an electronic communication. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website whose look and feel are almost identical to the legitimate one. Much as fishermen try to hook fish and reel them in, hackers try to trick unsuspecting computer users into clicking a malicious link in an email or on a web page so they can steal their sensitive information.
Tech firm Ubiquiti lost $46 million as a result of a phishing campaign that targeted Ubiquiti’s finance department. The attackers impersonated high-level executives and gave orders to wire money to attacker-controlled bank accounts.
Almost everybody who uses a computer has either been affected by ransomware or knows somebody who has been hit by it. Ransomware is often delivered via a phishing email that tries to get the recipient to click a link to a malicious website, which then starts the ransomware download and the encryption of the user’s files.
How can we protect ourselves from being phished?
- Be a skeptic when it comes to electronic communication. Be wary of emails asking you to click on links and give personal information.
- Make sure the links contained in the email are what they claim to be. Hover over the link without clicking on it to view the web address.
- Verify the email address that sent the email, not just the name. If the email says it’s from SomeBank, then the email address should be something like email@example.com and not firstname.lastname@example.org. Sometimes you have to dig a little deeper in the email program to see the actual email address that is associated with the email.
- As always, install the latest security updates for your OS and installed applications.
Stay safe out there and don’t get phished!