Our headline could be written nearly every month. Phishing, Spear Phishing, and their variants are happening more and more frequently, and the attacks are becoming more sophisticated. Some of the largest data breaches in the last year happened because someone responded to an email or clicked on a bad link, causing a virus to be installed on a machine or allowing a "bad actor" to gain access to a desktop and, many times, to an entire network. And yes, it happens here.
There are two parts to this article. We start with what Phishing is, how to spot it, and how to defend against it. The second part talks about the "Tech Support" Phishing Scam, which may involve a faked phone call or email from Norton by Symantec. You can replace Norton's name with any legitimate software or hardware maker.
A phishing email is a malicious attack that attempts to obtain your sensitive information by tricking you into believing the message is valid and opening it. Phishing attempts masquerade as legitimate or trusted entities, which makes them difficult to detect. Here are some warning signs you should be on the lookout for:
- The "From" email address is unofficial-looking, misspelled, or contains typos. The actual "From" address may also differ from the display name when you look into the email's info.
- Urgent action required. If the email is trying to scare or intimidate you, or rush you into action, be wary.
- Vague salutations. The email may be addressed to "Valued Customer" or another generic salutation.
- There are misspellings, typos, or grammatical problems.
- A family member, friend, or business colleague needs something out of the ordinary. This can be the beginning of a Spear Phishing attack. This can be a phone call, email, or even a text.
Always hang up the phone and never respond to an email exhibiting any of these characteristics, no matter how convincing they seem. Call the person back using a known phone number or, better yet, email them or message them using a different device. You'll quickly learn whether the initial contact was legitimate or not.
This happened last month to the spouse of one of The Computing Center's employees. He received what appeared to be an unsolicited phone call from the Social Security Administration about their Social Security benefits. He immediately hung up, looked up the phone number online, and discovered that it was indeed a reported scam number. The phone number, date, and time were reported to the SSA Fraud Department.
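The first three warning signs in the list above (a "From" address that does not match the display name, pressure to act quickly, and a generic salutation) can also be checked by a mail filter. The Python below is an added example, not part of the original article; the known-sender table, phrase lists, and sample messages are constructed, and it assumes plain-text, single-part messages.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values: names your organisation expects, and the domain each one uses.
KNOWN_SENDERS = {"example bank": "example.com"}
URGENT = re.compile(r"\b(urgent|immediately|right away|within \d+ hours|final notice)\b", re.I)
GENERIC = re.compile(r"^\s*(dear|hello|hi)\s+(valued\s+)?(customer|user|member|client)\b", re.I | re.M)

def warning_signs(raw_message):
    """Return the warning signs found in one plain-text (non-multipart) message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    signs = []
    # The display name claims a known sender, but the real address is elsewhere.
    for name, expected in KNOWN_SENDERS.items():
        if name in display.lower() and domain != expected and not domain.endswith("." + expected):
            signs.append("from-mismatch")
            break
    # Pressure to act quickly, in the subject or the body.
    body = msg.get_payload()
    if URGENT.search(msg.get("Subject", "") + "\n" + body):
        signs.append("urgency")
    # A generic greeting instead of the recipient's name.
    if GENERIC.search(body):
        signs.append("generic-salutation")
    return signs

# Constructed sample messages.
SUSPICIOUS = """From: "Example Bank Support" <alerts@examp1e-bank.example.net>
Subject: Urgent: verify your account

Dear Valued Customer,

Your account will be locked unless you respond within 24 hours.
"""

ORDINARY = """From: "Example Bank" <statements@mail.example.com>
Subject: Your March statement is ready

Hello Pat,

Your statement is available in online banking.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("ordinary", ORDINARY)):
        print(label, warning_signs(raw))
```

A message that triggers none of these checks can still be a phishing attempt, so a clean result is only one input alongside the call-back verification described above.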