Did you know it’s cybersecurity month? Well it is! Each week I’ll post a note on a topic related to cybersecurity. This week the topic is phishing (everyone’s favorite).
Cybercriminals use types of social engineering—manipulating people into doing what they want—as the most common way to steal information and money. Social engineering is at the heart of all types of phishing attacks—those conducted via email, SMS, and phone calls. Technology makes these sorts of attacks easy and very low risk for the attacker. Three tips can go a long way:
– Don’t react to scare tactics: All of these attacks depend on scaring the recipient, such as with a lawsuit, that their computer is full of viruses, or that they might miss out on a chance at a great interest rate. Don’t fall for it!
– Verify contacts independently: Financial transactions should always follow a defined set of procedures, which includes a way to verify legitimacy outside email or an inbound phone call. Legitimate companies and service providers will give you a real business address and a way for you to contact them back, which you can independently verify on a company website, support line, etc. Don’t trust people who contact you out of the blue claiming to represent a company.
– Know the signs: Does the message/phone call start with a vague information, a generic company name like “card services,” an urgent request, and/or an offer that seems impossibly good? Hang up or click that spam button!
Digital Guardian put out this poster that covers a lot of good phishing information. I wouldn’t print it on 8.5 x 11 paper because it’s too small. But it’s good for a computer screen.