There are any number of unusual terms when it comes to cybersecurity, and phishing is one of them.
Phishing is defined as a fraudulent attempt to obtain personally identifiable information (PII) such as usernames, passwords, credit card numbers, bank account numbers or other sensitive details by impersonating trustworthy sources using digital communication, which now may include your landline if you still have one. Those phone numbers that you don’t recognize are more than likely a phishing attempt.
The most common forms are email spoofing, instant messaging, and text messaging. In addition to impersonating a trusted source, most phishing creates a sense of urgency. The cyber-criminal is hoping for you to react instantly without thinking. The goal is to direct you to enter personal information at a fake website which looks and feels like the legitimate site. In other cases, they are hoping that you will verbally give your personal information.
In addition to impersonation-based phishing, cyber-criminals and nation-states such as Russia, China and Iran use fake news articles designed to provoke outrage, causing you to click a link without thinking. Once there, you can be infected with a virus such as ransomware or redirected to pages that will do the same.
Through 2020, phishing is the most common attack performed by cyber-criminals. The FBI reports twice as many incidents of phishing as any other type of computer crime.
The ‘Nigerian Prince’ email has become one of the most famous phishing scams. In fact, it has become a cliché or even a joke at this point. It has been around for over 20 years. This attack pretends to be from a member of a foreign monarchy asking the user to send a nominal amount of money with the promise of millions in return. Many have fallen prey to this attack.
But phishing scams are not a joke. In fact, they are dangerous, and they come in many forms. They have become more sophisticated as technology has advanced.
Many Fortune 500 companies hire outside sources to work with their technical teams to conduct ‘Phishing Expeditions’. These are fake emails that are generated and sent to the employees of the company. If an employee responds to the email, they are given additional training for the first or second offense. Some security-focused companies will terminate an employee for multiple offenses because they pose a security threat.
What is your defense? Common sense, patience and thoughtfulness.
Begin with the knowledge that very few companies will email you out of the blue asking you to verify any personal information. If you receive an email, phone call, text or any other kind of digital communication requesting any personal information, be suspicious.
NEVER click on the link in an email, text or message, even if you know the sender; they might have been hacked.
NEVER give any personal information over the phone unless you called the company or it is a return phone call for a conversation you initiated.
NEVER answer a call from a number that you do not recognize; if it is important, they will leave a voice mail. When they do leave a voice mail, use the internet to verify the phone number, website or other contact information. Do this by entering the company name into a search engine and comparing the results with the information in the communication. Once you have verified the information is legitimate, it is safe to click on a link. If you cannot verify that the communication is legitimate, do not click on the link, return the phone call or respond to the message. This is true for landlines and mobile devices.
ALWAYS take a few extra minutes to verify the information.
ALWAYS wait until you have time to process a request before responding; this eliminates the impulse to respond quickly.
ALWAYS be suspicious. It is better to be a day late in responding than it is to spend months or years fixing something that could have been avoided.
Phishing attacks play on your trust, your beliefs, your fear and other emotions to be effective. The only way to counter that is to keep your head and use common sense. Slow down.
There is no quick solution to cybersecurity issues. It is a matter of diligence, patience, common sense and using cybersecurity best practices.
I would like to hear your questions and concerns for future articles. You can reach me at firstname.lastname@example.org.
Dr. John B. Nicholas is a Professor of Computer Information Systems and Co-Founder of the Cybersecurity Degree Track at The University of Akron. Dr. Nicholas has over 30 years of experience in the technology field in both the private sector and in higher education.