Spotting Phishing
Phishing is a technique used to steal sensitive information from a victim, like usernames and passwords. It is most commonly done via email, and attackers use a variety of tactics to lure victims into giving up their data, including impersonating trusted institutions, leveraging urgency, or attempting to trick a victim into clicking malicious links.
Spotting phishing attempts is not always easy, but there are several red flags that any computer user can look for. Phishing emails often include poor grammar and spelling, generic greetings such as “Dear Customer,” or images that are not part of the original message. They may also display a fake padlock icon, imitating the symbol that ordinarily denotes a secure site. A message showing these signs should be treated as not authentic and reported to the company or person that it claims to represent.
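As an added illustration (not part of the original article), the Python sketch below checks a single-part HTML email for three of the red flags described above: a generic greeting, urgency wording, and a link whose visible text names a different domain than the one it points to. The word lists, the flag names and the sample message are assumptions constructed for this example.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed heuristic word lists; tune them for your own mail flow.
GENERIC_GREETING = re.compile(r"\bdear\s+(customer|user|client|member)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|suspended|within 24 hours)\b", re.I)
DOMAIN = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(raw_message):
    """Return the names of red flags found in a single-part HTML message."""
    body = message_from_string(raw_message).get_payload()
    checks = (("generic_greeting", GENERIC_GREETING), ("urgency", URGENCY))
    flags = [name for name, rx in checks if rx.search(body)]
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown = DOMAIN.search(text)
        if shown and urlparse(href).scheme in ("http", "https"):
            want = shown.group(1).lower().removeprefix("www.")
            got = (urlparse(href).hostname or "").removeprefix("www.")
            # Flag when the real host is neither the shown domain nor a subdomain of it.
            if got != want and not got.endswith("." + want):
                flags.append("link_text_mismatch")
    return flags

# Constructed sample message (reserved example domains, not real traffic).
PHISH = ('From: "Example Bank" <support@example.net>\nContent-Type: text/html\n\n'
         '<p>Dear Customer, your account will be suspended.</p>'
         '<a href="http://login.example.net/verify">www.example.com/login</a>')
print(red_flags(PHISH))
```

Heuristics like these produce false positives and misses, so they are best used to prioritize messages for human review rather than to block mail outright.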
Even the most advanced tech companies can fall prey to phishing attacks. In a 2014 attack that resulted in the loss of $100 million from two of the world’s most prominent technology giants, phishers posed as recruiters to convince employees to open files with backdoor malware and bypass the company’s SecurID two-factor authentication system.
Regularly changing passwords is a simple way to mitigate risk. Additionally, it is important to back up all data and to keep software and firmware updated, as these updates are typically released to fix bugs and vulnerabilities that can be exploited by hackers in a phishing attack. These practices should be made standard operating procedure in all organizations.