Security Check by John Garza May 31, 2017 Phishing Attacks: How to Spot and Prevent Phishing Attacks What is Phishing? Phishing attempts come in all shapes and sizes but the most common threat comes through one of the most commonly used types of business and personal communication channels, email. The email scam attempts to cloak itself as a legitimate message from a friend or business contact doing all that it can to hide the heinous package that lies within. Even though the messages appear to be from a trusted source, they are designed to trick you into giving up personal information whether you are aware of it or not. That information could be a security key, credit card number or even your social security number. The bad actors then use that info to steal from you or worse, assume your identity. 4 Different Types of Phishing Spear Phishing These are targeted attacks against a specific person or role within a company. They are commonplace in email communication and on social media. The ruse starts by tricking the recipient into thinking they have a connection with the source or sender with the goal of luring them into clicking on a malicious link or email attachment. Whaling A form of spear phishing, whaling specifically targets executive officers and other high-profile targets within an organization. Deceptive Phishing Noted as the most common form of phishing, this attack is carried about by fraudulent actors impersonating a trusted company with the attempt of stealing login credentials. Financial institutions and credit card companies are among the most mimicked and actors form a message that is designed to scare the user into thinking they have to act quickly or risk damage in some way. For instance, someone may get an email from their bank stating they suspect fraud on their account and they should click a link to confirm or deny a purchase. The participating victim trusting the source of the email clicks on the link and the damage is done. Dropbox and Google Drive Phishing A more specialized form of cyber attack, the online drive attack can happen on any cloud drive platform and has recently taken place against both Dropbox and Google Drive users. The offending actors disguise a login page to look legitimate while behind the scenes are copying login credentials. Once the actors are in, they have access to all the files within the account and will use the information to gain further access and exploit both company and personal information. Protecting Yourself and Your Business While there are many schools of thought on how to best guard yourself against a phishing attack, the best way to keep yourself safe is to practice good security hygiene and to undergo routine training within your business on security best practices. In addition, here are some additional things to consider: Be leery of email communication requesting any type of personal information. Do not respond to or click on any links within an email that instructs you to do so. Banks and credit card companies will never ask you to do this and should you receive such an email, go to their website and contact them directly to inquire about their instructions. Read your emails in plain text. One of the main attack methods within a hacker’s email are the links embedded within an email. If you read the message in plain text you will be able to see the URLs that any links direct you to. If you have to read your emails in HTML format, make sure you float your mouse over the link without clicking on it. This will show the actual URL and you can use your better judgement as to whether it is something you should be clicking on. Trust your instincts. If something seems out of place it probably is. Be mindful of scare tactics and generic looking requests or other oddities that just seem out of place. Partner with a trusted data security expert and resource like Jungle Disk to help you put together a reliable data security platform and plan for your business. If you have questions or would like to learn more about how Jungle Disk can help to strengthen your security approach, reach out to one of our experts by phone at 1(888) 601-0401 or by email at firstname.lastname@example.org. Stay safe out there!