
Cybersecurity Awareness Month
Back to Basics: Phishing, don’t take the bait.

Cyber safety is not just for CISOs or techies anymore. Technology touches all of us nearly every single day, from baby nurseries to nursing homes. It is so important that everyone understands the basics of safe cyber activity. October is Cybersecurity Awareness Month and FireMon is here to provide tips in an easy-to-understand format for even the youngest of readers. So please, share with your friends and family and stay safe out there!

Fishing takes patience and persistence. You know which fish you’re trying to catch and lure up accordingly, red wigglers for catfish or chum for sharks. You carefully set up your bait to look as real and attractive as possible. It may take hours, but one good catch can make it all worth it. Phishing on the web isn’t much different, except now threat actors are the ones casting the net.

Roughly 90% of data breaches occur on account of phishing. Between social media and email, clickable links embedded in tweets, posts, texts, and messages are the number one way for bad actors to gain access to your information. Corporations and individuals are equally susceptible to attack.

Billions of spam emails are distributed every day and are often filtered out. However, about 30% are so well crafted that they squeeze through and are opened by the recipient. Junk mail can be harmless marketing, but it can also be a malicious ruse. Phishers have a tackle box of techniques to lure their targets into unwittingly sharing their data.

5 Types of Phishing

  1. Email phishing – The most common. Imitates a real website’s URL or email address, but often has something slightly amiss. These are often filtered out automatically but can appear legitimate.
  2. Spear phishing – More targeted email attack. Typically includes personally identifiable information, like your name, employer, or job title, to make it seem legitimate.
  3. Whaling – Personalized attack. Whalers may impersonate senior executives asking a personal favor of their staff, often requesting money urgently. It is usually short and subtle.
  4. Smishing and vishing – Similar to email phishing but using texts and phone calls.
  5. Angler phishing – Targeted attacks on social media. This includes fake URLs, cloned websites, posts and tweets, and instant messaging.

Though many phishing attacks are obviously askew with broken English or abhorrent requests, some can be very well-disguised. We have compiled a few tips to spot phishing attacks.

  • Check the email address of the sender. Make sure the email address and organization referenced in the email are the same. Sometimes they are completely different, and sometimes they are so similar that you have to do a double take. For instance, a fake email may use “rn” to look like an “m.”
  • Ask yourself if you’re expecting the email. Oftentimes phishing attempts will prod for sensitive information and have attention-grabbing content, such as “suspicious activity on your account” or “you’re late on a payment.” This creates a sense of urgency and tries to panic the recipient. If you’re suspicious, go directly to the website referenced – without clicking on it in the email – and contact them directly.
  • Check for typos in the content, email address, and links. Grammatical errors and typos are tell-tale signs of a problem. This is because the bad actors are often not native English speakers.
  • Do not click on untrusted attachments. The content in phishing scams is often short and directs you to open an attachment that can immediately harm your device.
  • Preview links to make sure they are legitimate. If you have doubts, hover your mouse over the link, and look at the bottom of your screen to see where it is trying to send you. Better yet, visit the website mentioned directly, by typing it into a separate browser.
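
The first and last tips above (a sender address that imitates a real one, and a link that goes somewhere other than where it says) can also be checked mechanically. The sketch below is an added example, not FireMon code; the domain names, the allow-list, the function names and every look-alike pair other than “rn” for “m” are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"my-firm.example"}  # hypothetical: domains you really deal with
# Only "rn" -> "m" is from the article; the other pairs are assumed extras.
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))
URL_TEXT = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def skeleton(domain):
    for fake, real in LOOKALIKES:
        domain = domain.lower().replace(fake, real)
    return domain

def imitated(address):
    """Tip 1: trusted domain the sender's address imitates, else None."""
    domain = address.rpartition("@")[2].strip("<> ").lower()
    for good in TRUSTED:
        if domain != good and skeleton(domain) == skeleton(good):
            return good

def host(url):
    url = url.strip()
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

class LinkAudit(HTMLParser):
    """Tip 5: collect links whose visible text names a host the href does not."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = self.text.strip()
            if URL_TEXT.fullmatch(shown) and host(shown) != host(self.href):
                self.mismatches.append((shown, self.href))
            self.href = None

def link_mismatches(html):
    audit = LinkAudit()
    audit.feed(html)
    return audit.mismatches

# Constructed samples, not taken from a real message.
SENDER = "billing@rny-firm.example"
BODY = '<a href="http://198.51.100.7/login">https://my-firm.example/login</a>'
print(imitated(SENDER), link_mismatches(BODY))
```

The host comparison is exact, so a link that shows `my-firm.example` but opens `www.my-firm.example` is also reported; links whose text is ordinary words such as “Click here” are not judged at all.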

Key Takeaway: never click on anything from a source where you have not established trust. If something looks too abrupt, is of an unexpected urgent nature, or in general seems suspicious, the best course of action is to delete it! Never respond to something attempting to gain access to your or someone else’s personal information.

The Internet is an incredible place. Enjoy and scroll responsibly!
