Hook, line and bait – no we’re not fishing, we’re phishing. This cyberattack is a form of social engineering. Sometimes the attacker approaches you via a telephone call, other times it’s via e-mail, sometimes the attacker is bold enough to even show up in person. This is one of the most preventable attacks out there, but time and again we see our neighbors caught on someone’s hook.
A common target is e-mail credentials: the victim receives an e-mail that appears to come from a legitimate support help desk and asks for the user’s information, such as log-on names or passwords. Sometimes there is a link to click, sometimes there is a reply-to address. In the recent attacks the users got just such an e-mail that spoke about the need to reset or repair their e-mail client. When they clicked on the link they were taken to a copy-cat web site that stored their e-mail address, user name and password. This gave the cybercriminals full and complete access to the victims’ e-mail.
I cannot stress this enough – do not follow links in e-mails you did not personally request to have sent, even if the e-mail appears to be from a trusted friend or trusted colleague. If you’re unsure about the e-mail, contact your friend or colleague directly through a trusted method and don’t forward them the message (because they might make the mistake of clicking the link…). Yes, I know we’re in the age of the Internet – but your telephone still works, so call and ask.
But, maybe your e-mail doesn’t contain sensitive business information (PO numbers, flight information, shipping labels..)
Maybe your contact list doesn’t have birthdays, anniversaries, children’s names and home telephone numbers (all common parts of weak passwords..)
Maybe you are careful and delete those e-mailed receipts that contain your banking information (account numbers, ACH data, vendor contacts..)
Maybe you are careful with your log-ons and don’t use the same user names and passwords on multiple sites (social media, e-mail, financial institutions, work VPNs..)
-Geof “My password is 1,2,3,4,…” Franklin