Have you ever received an email that encouraged you to click a link, and you decided not to at the last minute because something seemed fishy? We all have.
About 4% of all emails are phishing attacks. The average person receives over 120 emails per day. That means you receive about 5 phishing emails every day!
What is phishing?
It’s a fraudulent email made to look like it comes from a reputable company, sent in order to induce you to reveal personal information such as passwords and credit card numbers.
Sometimes, phishing emails are embarrassingly poorly conceived.
But sometimes, they are scary good and can fool the best of us. It’s highly likely that you use Office 365 for your business email. There’s a new batch of sophisticated cyber attacks that ask people to sign in to their SharePoint and OneDrive accounts through fake web pages that look like Microsoft’s login page.
An even more dangerous form of phishing is called spear phishing, which is a fraudulent email that is targeted at a specific person (often for a specific reason). Executives and politicians are frequent targets of spear phishing attacks.
How can I tell and what should I do?
The best way for you to determine if an email is suspect is to look at the sender email address (and even this is not always foolproof, because hackers can sometimes disguise the sender email to make it look legitimate). If it, or the content of the email, looks in any way suspicious, DON’T CLICK ANY LINKS IN THE EMAIL.
If the suspicious email was sent to your company email address, report the email to your IT administrator. If the suspicious email was sent to your personal account, either delete it or reach out to the sender – not by clicking “reply” to the suspicious email but rather by contacting the person/company that the email is supposed to be from. For example, if the email looks like it’s from me, call me or send me a new email.
Never trust phone numbers that are included in the content of suspicious emails. Hackers have sophisticated set-ups where they have real people answering the phone to trick you into thinking the phishing email is legitimate.
What if I click and enter my credentials on a fraudulent website?
Frankly, it’s not great news. But I’m going to walk you through what will likely happen, then I’ll explain new technologies that have been developed to eliminate this problem.
Let’s say that you received a phishing email that said you need to sign in to your Outlook account.
You clicked on the link and entered your credentials. Unknowingly, you have set a lot of bad things in motion. Here’s what might happen:
Another dangerous thing is that when cyber criminals gain access to your email account, they don’t let you know. They could silently view your emails for months or even years without your knowledge. Scary stuff, right?
What should I do to prevent phishing attacks?
The simple answer: Don’t click on anything that looks suspicious. When in doubt, check it out directly with the person who sent it.
Also, password managers like Dashlane or LastPass can be very helpful. Make sure that you use a different password for every account. Try to avoid using your email address as your User Name – although this will only go so far because most User Name recovery programs are tied to email addresses.
Didn’t you say you had a real solution?
Yes, we do. At LockDown, we have created a new standard for digital identity that does not rely on User Names, passwords, email addresses or phone numbers.
Our system is faster, more secure and easier to use than today’s password-based identity authentication. Imagine never having to manage another password!
In the future, we’ll use our technology to power authentication for your favorite websites, apps and platforms.
We’re just getting started and we hope you give us a follow.
About “The LockDown Low Down”
The topic of cybersecurity can be overwhelming – especially for business professionals who aren’t IT experts, yet are exposed to all sorts of cyber threats, terminology and instructions.
There are enough acronyms in cybersecurity to make your head spin or, like many business people, to make you shut down and stop listening. This blog is meant to explain cyber topics, and the current threats and solutions in plain, understandable English. Our goal is to bring you quick and easy information that can make you more educated and help you make better decisions. In short, to simplify cybersecurity.