Cybersecurity Awareness Month: How You Can Phight the Phish

October 14, 2021 | Mercedes Chircop

Phishing is a lot more common than you might think. Thousands of phishing scams are launched every day, but the real question is: could you recognize one when you see it?

First, let’s identify what phishing is (and no, we’re not talking about actual fishing). Phishing is the act of impersonation through emails. Phishers create realistic-looking emails that appear to come from a reputable brand or company and act as if they are part of that company to gain access to your private information.

Believe it or not, these scams are quite successful, generating about $57M in losses for companies that fell victim to a phishing scam.

But how are we still being affected by phishing scams? Are we just not aware of what to look for? Are we so trusting of email that we don’t think twice when we receive an important message from a brand? These are all questions we’re going to answer.

Let’s tackle the types of phishing attacks.

  1. First, we have emails claiming to be from someone who’s stranded in a foreign country and asking you to wire money so that they can travel home. This one is not as common for businesses as it is for the average person. However, these types of emails should still be reported and deleted right away.
  2. The next one is quite common: phishers claim to be from a reputable news organization and try to capitalize on trending news. They send you an email that looks legit and asks you to click a link for the full article, which then leads to a malicious website.
  3. A third common attack is an email that appears to come from a company, asking you to reset your passwords or update your payment information (we’ll take a better look at this later).
  4. Another popular one threatens to harm recipients unless large sums of money are paid.
  5. The fifth common one is an email claiming to confirm a complaint or a payment. Having made no such payment or complaint, the recipient is inclined to click on the link provided to see what is happening, which then leads them to a malicious page.

It’s important to know that phishing takes many forms, and all of them make it difficult for recipients to tell phishing emails from legitimate ones.

Phishing usually succeeds because employees are not aware of what to look for to tell a malicious email from a legitimate one. So how do we “Phight the Phish?”

Well, there are some common trends we see in phishing emails that are easy to point out. Let’s take a look!

  1. Emails with generic greetings are a big NO! Ideally, when you receive an email from a company, they use your name in the greeting. Phishing emails, however, will use greetings such as “Hello bank customer” or “Dear customer” rather than using the recipient’s actual name. If you receive an email with these types of greetings, chances are it’s fake.
  2. Emails that request personal information are generally fake and should not be entertained. Legit companies never ask for personal information through a link and usually have security questions before accessing private information online.
  3. Emails that require an urgent response are also a big red flag. Phishing emails generally are more effective when a sense of urgency is placed, which leads the recipient to believe that their account is in jeopardy if they don’t act immediately.
  4. Emails with links are usually questionable. If you’re not sure whether or not the link is real, hover over it and see where it actually leads. If the link doesn’t appear with “https”, then it’s likely a bad link and you should not click it.
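The four red flags above can be turned into a simple automated check. The following Python sketch is an added example, not LoginTC code: it scans a constructed sample message for each flag and, going one step beyond the “https” test, also compares a link’s visible text with its real target, which is what hovering reveals. The phrase lists, flag names and the sample email are assumptions made for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse
# Phrase lists are illustrative assumptions, not a vetted ruleset.
PHRASES = {
    "generic-greeting": ("dear customer", "hello bank customer"),
    "asks-for-personal-info": ("password", "payment information"),
    "urgency": ("immediately", "urgent", "will be suspended"),
}
# Constructed single-part HTML message, not a real email.
PHISH = (
    'From: "Your Bank" <support@bank.example>\nContent-Type: text/html\n\n'
    "<p>Dear customer,</p><p>Your account will be suspended unless you update "
    "your payment information immediately.</p>"
    '<a href="http://login.bank-example.test/reset">https://www.bank.example/reset</a>'
)
class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(raw_email):
    """Return the sorted checklist red flags found in a single-part message."""
    body = message_from_string(raw_email).get_payload()
    text = re.sub(r"<[^>]+>", " ", body).lower()
    flags = {name for name, words in PHRASES.items() if any(w in text for w in words)}
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        target = urlparse(href)
        if target.scheme != "https":
            flags.add("link-not-https")
        # Visible text that looks like a URL should point at the same host as the href.
        if "." in shown and " " not in shown:
            shown_host = urlparse(shown if "//" in shown else "//" + shown).hostname
            if shown_host != target.hostname:
                flags.add("link-text-mismatch")
    return sorted(flags)
```

Calling `red_flags(PHISH)` reports all five flags for the sample. A hit is a prompt to report the message for review, not proof that it is malicious.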

Now that we know how to identify phishing scams, how can we protect ourselves against them? Well, there are a few options to consider. The first option is to protect your computer using security software. It’s best to set the software to auto-update so it can deal with new security threats without having to be monitored.

Another option is setting your mobile software to auto-update. This lets you go about your daily activities without having to worry about whether your system is up to date. A third option is to protect your data by backing it up. It’s best to back up your data on an external hard drive versus your home network. This makes your information easily accessible without the worry of it being stolen.

But the best and most effective solution is to implement a two-factor authentication (2FA) system. Having 2FA makes it more difficult for scammers to access your private information. With out-of-band authentication, a phisher would need to physically obtain the victim’s device to impersonate that person and get through the authentication process. When two-factor authentication is triggered, the hackers are unable to complete the attack they were attempting.

If you’re interested in 2FA but don’t know where to start, LoginTC offers a no-commitment 15-day free trial that’s easy to set up and connect to all your systems and applications.