One of the primary focuses of Cybersecurity Awareness Month 2021 is resisting the phishing threat. Read how to fight against phishing and #BeCyberSmart!
It is hard to disagree that our online and offline lives are becoming increasingly indistinguishable. Being citizens of their countries, people also become netizens of the global network. At the same time, organizations gain multiple benefits from expanding their operations online. However, immersion into the virtual environment is not without disadvantages. The online mode contains numerous threats and demands rules to keep all stakeholders safe. Thus, everyone should follow the rules and implement robust security practices to support safety and resiliency inside the cyberenvironment.
#CybersecurityAwarenessMonth is dedicated to raising cybersecurity awareness among U.S. citizens and organizations. It also provides them with critical and up-to-date cybersecurity information that helps them stay safe. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) are the main supporters of the campaign.
The focal point of the 2021 Cybersecurity Awareness Month is “Do Your Part. #BeCyberSmart”. At the same time, there are different themes, which address specific cybersecurity challenges and identify opportunities for behavioral change within the virtual environment. One of this year's topics is Phight the Phish!
Phishing attacks have always been a proliferating type of cybercrime. However, phishing scams have been thriving during the last few years. The FBI notes that phishing attacks have risen more than tenfold over the past five years in the U.S. The highest leap occurred in 2020. It is not hard to guess that the COVID-related social isolation and increased reliance on virtual operations contributed to this trend.
However, the COVID pandemic is not the only factor in this issue. People also matter, and we are not talking only about hackers; naive Internet users also help this cybercrime thrive. According to Sophos’s Whitepaper Research, the percentage of Americans who consider suspicious messages phishing is 42%, while others respond to these emails or click the links inside with no delay. The rate of phishing-aware netizens in Israel is significantly higher (60%), which is more than double the percentage in Mexico (23%). As such, the U.S. is along the continuum between the two extremes, which means Americans lack phishing security awareness.
Hackers often use phishing emails as channels to trigger more severe attacks. For instance, phishing is one of the primary ransomware infection vectors. The most talked-about incident of this year was the Colonial Pipeline ransomware attack, as it caused financial damages and severe pipeline infrastructure disruption. However, not everyone understands that million-dollar attacks like this often start with phishing.
The whole phishing scenario looks like the following: an employee receives an email from a spoofed address (a bank or an insurance provider) with a .zip attachment or a link. The email appears trustworthy due to a familiar text and a known email address. The text encourages the victim to open the attachment, triggering a malicious program that compromises the system. Finally, the victim is shown a screen stating that sensitive data has been encrypted. Instilling fear and panic, hackers demand that the victim click on a link or pay a ransom.
As such, a single phishing attack may lead to more than the exposure of confidential data or login credentials. Used by hacker groups, it may become the vector for more sophisticated attacks.
CISA provides a wealth of Cybersecurity Awareness Month Resources to help people learn how to reduce cybersecurity risks and protect themselves online. There are resources dedicated to a specific topic. Here is CISA’s phishing tip sheet.
Hackers often use malicious links in emails and online posts to compromise your computer, hoping that a naive addressee will click on them. If you’re unsure about the sender or their motives, do not respond and never click on links or attachments found in that email. Be cautious of the generic language of the message, such as “Hello Bank Customer” or “Hello, Dear Applicant,” as these are often signs of phishing attempts. If you are concerned about the email’s legitimacy, call the sender directly.
Beware of emails that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.
If the senders have such details as your job title, multiple email addresses, full name, and more info that you may have published online, they can attempt a direct spear-phishing attack on you. Cybercriminals use these details to manipulate you into skipping standard security protocols.
Avoid clicking on hyperlinks in emails. Always ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information. Hover over the link to determine the real address of the site hidden behind the link.
Ensure that you are the only person who has access to your account by using multi-factor authentication (MFA). Use it for internet activities that require logging in – banking, social media, emails, etc. If MFA is an option, enable it using a trusted mobile device, such as your smartphone, an authenticator app, or a security token.
Consider using the longest and the most sophisticated password permissible. Customize your standard password for different sites. This could prevent cybercriminals from gaining access to all your accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts.
Ensure all of your computers, phones, and tablets are equipped with regularly updated anti-virus software, firewalls, email filters, and anti-spyware.
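The greeting, urgency and "hover over the link" checks from the tip sheet can also be run automatically over an HTML message body. The Python below is an added example, not code from CISA or Planet 9; the function names, word lists and `.test` domains are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Illustrative patterns only; a real mail filter would use broader lists.
GENERIC = re.compile(r"\b(hello|dear),?\s+(dear\s+)?(bank\s+)?(customer|applicant|user)\b", re.I)
URGENCY = re.compile(r"\b(immediately|urgent|suspended|act now)\b", re.I)
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collects body text and (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def bare(host):
    """Lower-case a host name and drop a leading 'www.' before comparing."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def review_email(html_body):
    """Return a list of phishing indicators found in an HTML e-mail body."""
    parser = LinkCollector()
    parser.feed(html_body)
    body, findings = " ".join(parser.text), []
    if GENERIC.search(body):
        findings.append("generic greeting")
    if URGENCY.search(body):
        findings.append("urgent wording")
    for href, shown in parser.links:
        parts = urlsplit(href)
        target = bare(parts.hostname or "")
        # https means the connection is encrypted; it is one signal,
        # not proof that the site behind the link is legitimate.
        if parts.scheme != "https":
            findings.append(f"link is not https: {href}")
        m = DOMAIN_IN_TEXT.search(shown)
        if m and target:
            claimed = bare(m.group(1))
            if target != claimed and not target.endswith("." + claimed):
                findings.append(f"link text shows {claimed} but target is {target}")
    return findings
```

The last check is the scripted form of hovering over a link: it compares the address the reader sees with the host the link actually opens.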
Thank you for your interest and commitment to Cybersecurity Awareness Month! Please email the Planet 9 team if you need more information.