Electronic Attacks and Your Best Defense
Criminals use many different pieces of information and forms of communication to obtain your private information. Names, account names, partial and/or old passwords, credit card numbers, and social security numbers used in various combinations can pique our interest to respond to communications sent using various delivery methods.
According to a , “a quarter of survey respondents said that at some point during their career they have fallen for a phishing email at work. Being distracted was blamed for 45 percent of these phishing clicks – more than any other reason, including tactics by the cybercriminals themselves (e.g. the email looked legitimate or appeared to come from a senior member of the organization).”
The dynamics of different work locations and conditions amid the COVID-19 pandemic are only adding distractions.
Some common attack vectors:
Phishing is an email where criminals prey on the recipient’s curiosity with attention-grabbing subject lines or content. COVID-19 has become a particularly popular topic for malicious links and unexpected attachments. Be especially cautious with messages flagged using a [SPAM] warning banner in the subject line. If you doubt a message’s authenticity, contact the sender through known, valid contact information; never reply directly to the suspicious email.
Vishing or voice phishing is a phone call where criminals impersonate a personal contact, government agency, law enforcement official or local utility provider requesting immediate payment using gift card data or bank account information. When in doubt, hang up and call the person or organization directly using a known, valid number.
Smishing or SMS phishing is a text message where criminals impersonate an important personal contact requesting credit card information, gift card data, identification numbers or money orders in a hurry. Always get verification through known, valid contact information before taking any action.
The most effective defense against these kinds of attacks is a healthy dose of suspicion. Understanding the threats, recognizing potential warning signs and slowing down to consider the overall situation can help you avoid becoming a victim. Even if someone seems legitimate, take the extra moment and confirm through known, valid contact information.