By Andy Kriege, YSN
You may have heard it said that “A bad day of fishing is better than a good day at work.”
While that may be true, a bad day of phishing will give you much more than just a bad day at the store. Being “phished” could cost you a great deal of time and money and create a ton of misery.
What exactly is “phishing”? Scammers launch tens of thousands of attacks every day to gain access to your computer or to trick you into giving them your personal information. They may try to steal your passwords, account numbers or Social Security number. They can gain access to your email and contacts, as well as your banking accounts. Once they have gained access, the nightmare is just getting started. It can take months to rebuild your computer, your credit and your life.
According to a recent data breach report from Verizon, users click on and open 30 percent of all phishing emails, and only 3 percent of targeted users reported these malicious emails to management. What’s more, users opened malicious attachments within those emails 12 percent of the time, the data showed. No surprise then that the FBI’s 2019 Internet Crime Report recorded more than $3.5 billion in losses from cyber attacks on individuals and businesses last year.
Although it has been around for years, phishing remains one of the leading methods used by cybercriminals to attack and gain access to your computer. These malicious intrusions are commonly referred to as “malware.” Malware could come in the form of a virus or worm, ransomware, spyware or countless other variations, and while the phishing “hooks” have grown more sophisticated over the years, the delivery techniques haven’t changed all that much. Most come in the form of an email with a link or an attachment and are enticing enough to get at least some of their intended targets to open the note and click on the malware. Often, they appear to have been sent by a family member, friend or colleague at work.
Scammers often update their tactics, but there are a number of warning signs that can help you recognize a phishing email or text message. (See chart, below.)
The problem is huge and as long as vulnerable people fail to take the necessary precautions to protect themselves, the problem is not going away anytime soon. Our suggestion is to avoid the bait and thereby never get hooked by unscrupulous phishing scheme.
But don’t just take our advice — in response to a significant increase in the volume of attempted phishing attacks in recent weeks, Jim Marks, Development Operations Director at AVB, has made it his personal mission to make the group’s staff and members aware of the risks associated with these schemes. Here’s what he had to say:
“Part of the reason we decided to reach out to all AVB employees about this issue is that we all struggle with a lot of uncertainty about how to handle phishing attacks,” Marks noted. “Indeed, part of my mission as our new DevOps Director is to help find ways for all of us to work together to meet challenges small and large around working with technology. And security in general is something that we can do best together with the help of clear policies and direction.
“Phishing is a unique type of technology challenge because of the malicious intent at the heart of it,” he said. “We experience phishing as part of our technology platform, but we have to remember that at its core this is about bad actors trying to hurt us. It can be really embarrassing and uncomfortable to be the victim of these kinds of attacks. That’s why it’s important for all of us to become educated and to recognize that we are all one click away from becoming the next victim of a phishing attack.”
He continued, “The reason why phishing attacks are so nefarious is that there is almost nothing we can do to reduce our exposure to them. The attacks are so successful because of the way they exploit the tools we use daily to get our jobs done. It’s just not practical to stop using email. And when we have hundreds of emails in our backlogs, we may get a little bit careless as we work our way through them.
“That is why it is so important that we work together to heighten our awareness and sharpen our skills at recognizing these attacks before we fall victim to them,” Marks said. “We hope that through talking about this threat and learning about it together that we can limit and even completely eliminate its power to harm our enterprise.”
The simple solution, he added, is to avoid sending or clicking on email attachments or links. But if
you feel you need to take this leap of faith and click on a link in an email, make sure to follow these five safety checks:
Know Your Sender: Check the name and email address carefully.
Look Before You Click: Hover your cursor over any links to make sure they go where you think they’re going.
No to Unknown Senders: Never click on any link or attachment from an unknown sender.
Be Wary of Manipulation: This includes any email that asks you to do something urgently. Be especially wary of any requests for money or personal or corporate information of a confidential nature.
Contact the Sender. If you see or sense anything suspicious or unusual about an email, contact the sender for verification. Do not reply to the email; contact the sender by any other method.
YSN is published by AVB Inc.