Published Dec 7, 2018
We are now entering the holiday season where we expect to give Thanks for our blessing and spend more time with friends and family. This is also the season of giving and we are all busy shopping, travelling, and doing other fun things like online shopping which will require significantly more cyber activity.
Hence we have prepared these cybersecurity tips to help keep you safer from the most insidious of cyber-threats during this holiday season – Phishing.
When you look in your email inbox, you probably expect to see messages from family, relatives, colleagues, customers, vendors, business partners and other acquaintances. But there could be messages lurking there that pose a threat to you in the form of phishing emails. Phishing is a form of fraud in which a cybercriminal sends emails designed to look like legitimate messages from people you may know with links or attachment. However, if you click a link in a phishing email or open an attachment, the email sender could gain access to your personal computer to steal your personal and financial information. This information can then be used to purchase things online, commit fraud in your name or install malicious software on your computer.
Studies show that about 150 million phishing emails are sent each day worldwide to both personal and work email accounts. It’s a lucrative criminal business because the people who send phishing emails can get access to valuable information and either use it or sell it to other cybercriminals for a big payoff. It is also estimated that 59% of ransomware infections came from emails with “infected” links or attachments in 2016 so it is very essential to be vigilant.
Some of the different tactics used by cyber-criminals for accomplish their despicable Phishing objectives are:
- Dropbox Phishing – Realistic-looking emails claiming to come from Dropbox request that the user click through to “secure” their account or download a shared document
- Spear Phishing – Spear fishing systematically targets specific groups of people in an organization, such as system administrators, developers, and finance and HR staff
- Google Docs Phishing – A message invites victims to view documents on Google Docs. Entering your credentials sends them straight to the phishers
- CEO Fraud – Phishers use an email address similar to that of an authority figure to request payments or data from others within the company\
- Deceptive Phishing – Email messages claiming to come from recognized sources such as vendors, creditors, or financial institutions ask you to verify your account, re-enter information, or make a payment
- Pharming – Phishers hijack a website’s domain name and use it to redirect visitors to an imposter site.
We suggest that you can some of the following countermeasures to keep yourself safe from “Phishermen” and not become a “catch”:
- Studies show 30% of Phishing emails are opened – so make sure you:
* Never give out personal or financial information based on an email request
* Do not trust links or attachments in unsolicited emails
* Never be lured by incredible “deals” - 25% of malware is spread through USB devices like “memory sticks”:
* Do not share your USB device
* Do not use another person’s USB device - 63% of confirmed data breaches leverage a weak, default, or stolen password so always:
* Change your passwords periodically (at least every other month)
* Lengthen your password to maximize its strength
* Use multi-factor authentication when available - 27% of data incidents are caused by human error – so make sure you:
* Confirm the email destination before pressing send
* Use secure files transfer tools and do not send attachments via email
* Avoid simple mistakes caused by shortcuts
Please keep these points in mind and have fun and enjoyable Holiday Season.