Tech Solutions NC Featured,Financial,Security,Tech Solutions Phishing Attacks — is there any way to prevent them?

Phishing Attacks — is there any way to prevent them?



Phishing Attacks - is there any way to prevent them

{Editor’s Note: Today we conclude our look at Phishing Attacks, and focus on what we, as internet users, can do to prevent receiving them at all. Click the links to read part one and part two of this series.}

Phishing Attacks — is there any way to prevent them?

Written by Mike Ellis.

Over the past two posts, we have looked at phishing attacks, defined what they are, and learned how to detect them.  The big question, though, on almost everyone’s mind is whether or not there is any way to prevent them.  That, unfortunately, is a tough thing to do.  However, there are things that can be done to minimize the chances that you will receive these type of attacks, so let’s go into them in more detail to see what we (and our mail providers) can do to address this issue.

The unfortunate circumstance is that even the most poorly written phishing attack email is going to catch unsuspecting, unknowing, or otherwise misguided individuals 3% of the time.  In a post from the folks at Sophos, the data suggests that elaborately written phishing attack emails are successful upwards of 45% of the time — nearly 1 and 2.  The post is dated, but the likelihood is that the numbers are still pretty accurate, simply because the hackers are always changing their tactics to stay one or two steps ahead of the competition.  So what can we do? Here are some things you can do to help your security posture:

  1. Stay on guard at all times when accessing the internet and your email. My colleague, friend, and former boss Kim said it best several years back, but the adage still applies today — don’t think that anything you receive in email is private.  There are way to many mail servers that the email has touched from point A to point B in the delivery, so never think that the message is private that you receive in an email. To expand on that point, don’t think that a credit card company, bank, or any other financial institution will contact you via email to conduct business.
  2. Provide alternate methods of verifying your account ownership. As much as I dislike supplying my phone number to sites as an alternate verification method (my first thought is always “Who is going to use this to try and sell me something?”), if your account is ever compromised, having an alternative to a second email address may allow you to regain access to your account much more quickly.
  3. If you can, turn on 2-step authentication. 2-Step authentication, also known as 2-factor verification or authentication, is a security measure whereby when you login to your account — whether it is an email, bank website, or some other account — the account then contacts you via another means to establish that it is really you logging in.  Often, this is by sending a text message to your phone with a code for you to enter to complete the authentication mechanism.  The thought process is that while your email password may be compromised, chances are much lower that your phone will be stolen at the same time.  Often, financial institutions such as American Express, Chase, and others will only require you to enter the 2nd authentication method the first time you login to the website from a new computer, and you can tell it to remember the setting.  Or, you can tell it to prompt you each time.

These are but three things that you can do immediately (in most cases) to increase the security of your internet usage and to cut down on the chances of falling victim to a phishing attack.  Fortunately, the majority of the big email providers are already implementing checks against messages to try and filter the amount of SPAM, virus, and phishing emails that their users receive.  Additionally, businesses with their own IT staff can (and probably have) install systems to check against these types of email messages.  In the end, improving the security of our networked computers isn’t about one solution — it’s a process of using many techniques to reduce the chances of your computer, and by extension, your identity, from being compromised.

Phishing attacks are still around, to this day, and aren’t likely to go away any time soon.  Just last month, the Milwaukee Bucks NBA basketball team fell victim to a phishing attack, and W-2 information was compromised. The simple fact is that far too many people fall for these types of attacks every day for the hackers to stop using the technique.  The key is to make sure that you aren’t one of the victims.

Tags: , , , , , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.