Phishing 101: Beware and Prepare this Holiday Season

    With the holiday shopping season upon us, the FBI is warning consumers to be on the lookout for cyber scams and phishing attacks. Why such concern? According to research, phishing remains a popular and surprisingly effective attack method — in fact, 23 percent of recipients open phishing messages and 11 percent click on attachments.

    Unfortunately, phishing campaigns come in many different shapes and sizes. While some are obvious and indiscriminate, luring only the most susceptible of victims (like that long-lost uncle who just needs your routing number to give you $100,000), others are more poised and targeted, going only after those with big bank accounts or holders of confidential company documents.

    In this slideshow, Jon French, security analyst, AppRiver, breaks down what consumers and organizations need to know about phishing scams in order to protect themselves and their networks, this holiday season and beyond.

    Phishing Scams 101

    Click through for a closer look at phishing scams and how consumers and organizations can better protect themselves and their networks, as identified by Jon French, security analyst, AppRiver.

    What Is a Phishing Attack?

    A phishing attack is when an outside attacker attempts to gain information from someone by claiming to be someone or something else. A classic example would be when an attacker sends an email claiming to be from your bank, and links to a spoofed website asking for personal details. Sometimes this is obvious, with a poorly made website or typos everywhere, but other times it can be almost impossible to tell by just looking at the page. It’s important to pay attention to which website you are actually on and what information it is asking for.

    Different Phishing Tactics

    A number of different phishing tactics are designed to steal your information or get into your network. Spear phishing is one tactic that targets specific individuals, companies and organizations to gather personal information. Clone phishing is another sneaky tactic that replaces legitimate, previously delivered email content with malicious content and attachments. Cybercrooks often get away with it by claiming that they are sending an updated version of the previous email. Another example is whaling. Just what it sounds like, whaling is when phishers are after the “big phish.” Common examples include a subpoena being delivered to a CFO for fraud or a customer complaint to the director of customer service.

    Phishing Signs – Grammatical Errors

    Grammatical errors should always be cause for pause. While copywriters and editors may make the occasional typo in their emails, companies that phishers try to imitate, like Amazon and MasterCard, can afford to hire editors who catch those mistakes.

    Phishing Signs – Design Changes

    Emails that are formatted differently than normal are also warning signs. It’s one thing for a website or logo to get a facelift, but it’s another for a company that would normally have purchase information in the body of the email to put it in a .zip attachment. Additionally, if you are taken to a website, flaws in the site, like images not loading and boxes not lining up, should raise red flags. And while a website may look similar to what you normally see, it’s a good habit to look at the website address in the address bar and make sure you are at the correct website.
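The address-bar check described above, written out as an added example (not part of the original slideshow): it shows which part of an address actually identifies the site. The expected-domain list, the function name and the sample addresses are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites this reader really uses (brands named in the article).
EXPECTED_DOMAINS = ("amazon.com", "mastercard.com")

def check_address(url, expected=EXPECTED_DOMAINS):
    """Return (verdict, host, reason) for an address copied from the address bar."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ("suspicious", host, "no host name found")
    # Anything before '@' is login data, not the site being visited.
    if parts.username is not None:
        return ("suspicious", host, "text before '@' hides the real host")
    # Punycode labels can display as letters that imitate a known brand.
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("suspicious", host, "punycode label may display as look-alike letters")
    # The expected domain must be the END of the host, not merely appear in it.
    for domain in expected:
        if host == domain or host.endswith("." + domain):
            return ("ok", host, "host belongs to " + domain)
    for domain in expected:
        brand = domain.split(".")[0]
        if brand in host:
            return ("suspicious", host, "uses the name '%s' on another domain" % brand)
    return ("unknown", host, "not one of the expected sites")

# Constructed sample addresses (.example is reserved and never resolves).
SAMPLES = [
    "https://www.amazon.com/gp/your-orders",
    "https://amazon.com.order-update.example/signin",
    "https://www.mastercard.com@login.example/verify",
    "https://xn--amzon-constructed.example/",
    "https://holiday-deals.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict, host, reason = check_address(url)
        print("%-10s %-35s %s" % (verdict, host, reason))
```

Only the first sample is a host that ends in an expected domain; the second and third show the brand name in the address while the browser is actually connected to a different host.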

    Phishing Signs – Asking for Personal Info

    Your credit card company knows your full account number, complete with the exact spelling of your name as it appears on the card, the security code, the billing address and expiration date. They will never ask you for all of that information. Depending on the scope, they typically would ask for one or two pieces of identifiable information and a security question for verification. And when in doubt, you can always call the company in question and speak to a representative. He or she will be able to tell you if it’s a legitimate email or not.

    Prevention & Protection: Be a Skeptic

    Tip 1: Be a skeptic.

    As a user, always keep a healthy level of skepticism when reading unsolicited email — particularly if you’re seeing some type of too-good-to-be-true holiday shopping deal. Never click on its links or attachments unless it comes from a trusted source.

    Prevention & Protection: Stay Up to Date

    Tip 2: Stay up to date.

    This certainly isn’t the first time you’ve heard this, but it’s a good reminder to update your software. Hackers often leverage vulnerabilities in outdated software. That’s why web browsers and third-party software must be kept up to date. IT staff should always ensure this best practice is front and center with employees.

    Prevention & Protection: Adopt a Layered Security Approach

    Tip 3: Adopt a layered security approach.

    While it’s great to familiarize yourself with the latest trends in IT security, the easiest way to prevent a phishing attempt on your network is to adopt a layered security approach. Although there is no “silver bullet” to prevent malware attempts, like phishing, a combination of email filtering and web protection solutions can work together to block malware from gaining access to your network.

    Prevention & Protection: Reward Honesty

    Tip 4: Reward honesty and communication.

    Once a company’s perimeter has been breached, reaction time plays a critical role in mitigating the damage. Employees should not be afraid of facing repercussions if they’ve fallen victim to an attack. Instead, they should be encouraged to inform their IT department straight away.

    A Final Holiday Tip

    Throughout the holiday season, a lot of money changes hands, both physical and virtual. This is a prime time of year for phishing attacks to take place and questionable websites to run off with money. With users searching for great deals and in the money-spending spirit, it could be possible for them to fall victim to an attack more easily. So keep an eye out for great deals but stay alert to what information you may be giving out and to whom you’re giving it.
