Phishing attacks are very common and, unfortunately, are among the most dangerous cybersecurity threats. In 2022 alone, more than 84% of organizations faced at least one successful phishing attack. Here are some tips to help keep you cybersafe.

TIPS TO AVOID A PHISHING ATTACK

  • Review and examine every email that you receive carefully before you trust it. If the email looks suspicious or is unexpected, go straight to the source to verify that it is legitimate before clicking any links, opening any attachments, or responding.
  • Beware of requests for personal information such as passwords, credit card details, or Social Security numbers. Legitimate organizations will not ask you to provide sensitive information via email.
  • Always check the sender’s email address before you open a message. Hackers will use “spoofing” to make messages appear as though they were sent from a trusted or internal source.
  • Hover over links in an email to inspect the address. The link could send you to a malicious website. Instead of clicking on the link, open a web browser and go directly to the organization’s website.
  • Look out for emails with generic greetings such as “Dear customer” or “Valued Customer”.
  • Emails with a sense of urgency are a common tactic. Fear-based attacks, for example, use phrases such as “Your account has been suspended” to try to convince you to take immediate action, such as clicking a malicious link.
  • Malicious emails can contain familiar logos and contact information to make the message seem as though it comes from a trusted brand. Most internal emails are safe—but don’t let your guard down when reviewing them.
  • Check for typos. Bad spelling and incorrect grammar are tactics that hackers use to bypass security protocols in organizations. Executives and employees with access to financials or sensitive information are prime targets for attack.
  • Enable multi-factor authentication (MFA) for your online accounts if the feature is available. This verification adds another layer of security beyond just using a password.

OKAY, I FELL FOR IT. WHAT DO I DO NOW?

  • Write down any details you can recall of the attack.
  • Change the passwords on any affected accounts as soon as possible.
  • Scan impacted devices with antivirus software. It may help remove any malicious software that was installed during the attack.
  • Review your accounts to verify that no changes, activities, or unauthorized transactions were made. If you provided sensitive information, report the incident to the service provider. They can secure your account and monitor for fraudulent activity.
  • If your account was possibly compromised, notify your contacts and advise them to be cautious of any suspicious messages from your email address.
  • If it is a work-related account, contact the LASERS Help Desk team.
  • If you believe you’ve been a victim of identity theft, contact your local law enforcement.

LASERS uses security tools such as web filters, email filters, antivirus software, and site blockers to help prevent attacks.

DID YOU KNOW?

About 15 billion phishing emails are sent across the internet every day!

Sources: Infosec.com | Microsoft.com | cybertalk.org