We are now in week two of National Cybersecurity Awareness Month. And this week has an important theme, "Fight the Phish!" We have talked about phishing before, and this won't be the last time we talk about it. Phishing is one of the most common ways hackers gain access to secure networks and trick people into giving away their personal information. Because of this, it is vital to cybersecurity that you understand how to identify and handle phishing attempts.
First off, if you have never heard of phishing before, let's define what it is. A phishing attack is when a malicious website or email is used to try and infect your device and network with malware and steal your personal information. What makes phishing attacks especially dangerous is that the malicious website/email is disguised to look legitimate.
The primary method for protecting yourself from phishing attempts is to be vigilant and suspicious. Anytime someone asks you to give them personal information, download a file, or follow a link, you need to ensure that the source is one that you know and trust. If you ever have any doubts about whether a source is legitimate, it is always safer to assume it is not and not engage with it. The first thing you should always do when engaging with a website or email is check the website/sender address. If the address is not what you know or believe it should be, do not engage with the content, it might be a phishing attempt. While the address is a great place to start if you notice any other discrepancies, those are also good indicators that you may be dealing with a phishing attack.
Additional steps you should take to protect yourself from phishing attacks include playing hard to get and investigating links before you click them. In this context playing hard to get means being cautious with when you give away personal or private information. Consider who is asking for the information, whether it is information they should have access to, and whether they can prove they are who they claim to be. Any element in a website or email can be a link, and it may not always be pointing to where it seems on the surface. To check the exact location of a link, you can either hover over it till a text box appears telling you where it leads or right-click the link and click the 'Copy link' or 'Copy link address' option, then paste that address somewhere to confirm it leads where it should.
As we mentioned, this is not the first time we have talked about phishing attacks, and it likely won't be the last either. As long as phishing attacks continue to be a problem, there will be a need to teach people about them so they can protect themselves from such attacks.
We highly recommend you get our Cybersecurity Essentials for Business Owners to understand the state of cybersecurity in today's climate.
Remember: Do Your Part. #BeCyberSmart.