Phish attacks are emails that are broadcast to a large group of email addresses, like a fisherman casting out a net to see what he catches. Hackers are mostly playing the numbers game, looking for people who don’t know the signs of a setup or con. Hackers want the ones who will click anything that shows up in their inbox: the people who can’t resist seeing if there really is a video or picture of them they haven’t seen, who click to see if they won that drawing they don’t remember entering, or who click to find out why their account was suddenly closed after an email demanding immediate action.
While most of us would like to think we can avoid phish attacks, it’s not always easy. Especially when it’s a spear phish.
A spear phish attack is just that – picture that fisherman with a spear instead of a net. He knows exactly what or who he is aiming for. These are harder to pick up on. For this attack, the attacker has taken time to do some recon on you. They run a Google search on your name and check Facebook, LinkedIn, and other social sites looking for clues about you. Just about any social site is loaded with the kind of information they can use to seem familiar to us, with the only goal of getting us to click.
While there are many other types of attacks besides phish attacks, these are some of the most effective. So here are some best practices and security steps that will make you safer online when dealing with email attacks.
1. Expect an attack every time you check your email accounts. Every time. Attackers find new ways to get past filters every day, so don’t count on software or others to catch it all.
2. Treat it as a red flag every time you receive an email that wants you to do one of these 4 things: open an attachment, click a link, call a phone number, or visit a website.
3. Do not open ANY attachment you are not expecting. This includes Word docs, Excel spreadsheets, PowerPoint files, PDFs, photos, and especially Zip files. Call the sender or email them from your address book to confirm they sent it. One click can change the rest of your week. Or life.
4. Whether it’s on your smartphone, desktop, or laptop, always run updated antivirus software and have it screen incoming and outgoing email.
5. Just because an email displays information about you that is not commonly known, don’t assume it is really from the sender. Spoofing, or faking, the sender’s address and cloning popular websites are as simple as clicking a button for hackers.
6. Do a Google search on your name. See what information is available to anyone online. Also, check all your social sites, including your LinkedIn page, and make sure your privacy settings are secure. Policies change several times a year, so go back and make sure your information has the appropriate restrictions. Make sure the bad guys have to work a little harder to steal from you.
Along with keeping your systems and programs updated, using strong passwords, and not using your administrator account for general internet browsing, these steps will help keep your personal information safer online.