WHAT IS A PHISHING OR SPEAR PHISHING ATTACK?
To answer this question, I will use the explanation from Phishing.org
“Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details, and passwords.”
Spear phishing is a targeted phishing attack on an individual and/or organization using information that is specific to them or their organization, like where they bank or shop, and is very lethal. One of the most common goals of phishing is to trick a user into clicking on a link and/or attachment within an email so that the cybercriminal can infect the user’s computer with malware.
HOW DO I PROTECT MYSELF FROM PHISHING ATTACKS?
The best way to protect yourself from phishing and other similar attacks is to increase your awareness about these types of attacks and learn how to protect yourself and your company from the damage they may cause. You don’t need to become a cybersecurity expert but rather you need to become aware of the various types of cyber-attacks that you may encounter in your day-to-day activity. We also encourage you to train yourself how to spot and respond to such attacks (see example below in Appendix A of a Phishing Email). I will give you the resources to help you achieve a level of user security awareness that will help you be more prepared.
TNTMAX PHISHING PROTECTION RECOMMENDATION LIST:
- STOP, SLOW DOWN and EXAMINE all emails. It’s important to understand that we are all vulnerable to attacks so be careful and take your time.
- DO NOT TRUST the sender’s address in the ‘send’ part of the email, even if it looks familiar. This is easy to fake.
- DO NOT CLICK on anything in the email. Look at and read the email but do not click on anything in the email like links, images, logos, etc.
- READ THE EMAIL CONTENT, CAREFULLY look for misspelling and abnormalities. These are very common in poorly crafted phishing emails (see example below).
- ALWAYS TREAT AS A POTENTIAL THREAT, and if you’re unsure, ask for help. Trust your instincts. If you feel something is wrong, then treat it as a threat.
- CALL THE SENDER from a trusted number you have for them and confirm they sent you this email with the attached request and/or link.
- Be aware of THREATENING and URGENT tones in the subject or the anywhere in the body of an email.
- LEARN MORE ABOUT PHISHING. Below in Appendix B we included a list of phishing training websites that are very helpful in showing users how to spot phishing emails. We recommend you take the time to take all 8 quizzes.
APPENDIX A – RECOMMENDED PHISHING TRAINING WEBSITES
Below are 8 FREE Phishing quizzes that TNTMAX recommends you take to determine
your phishing scam detection abilities and more importantly learn some key ways to
spot phishing scams. Be sure to share these with your family and coworkers and
encourage them to take these quizzes too.