Every day, computer users unwittingly fall victim to social-engineering attacks. What most people don’t realize is that these types of attacks cannot succeed without their permission. Being aware of prevalent scams is the first step in prevention.
Social engineering occurs when a hacker or cyber thief pretends to interact with you in a legitimate way that lowers your guard.
Phishing, a form of social engineering, attempts to lure you in with a fake email that’s crafted to look like an official communication from your credit-card company, your bank, a retail shop you frequent, etc. Phishing emails typically include a malicious website link or attachment that, once clicked or opened, potentially compromises your business credentials, passwords, and more.
Because most businesses use sophisticated hardware and software to protect their computer networks, we humans have become the weakest link in the quest for online security.
An employee of one of our clients recently experienced a phishing attack when he received an email that appeared to come from a legitimate business contact. He clicked on the link and then quickly realized something wasn’t quite right. At our urging, he reached out to the sender to confirm the legitimacy of the email and discovered it was indeed a phishing email sent by a hacker.
Fortunately, we were able to catch the attack early enough in the process; we were confident we had stopped any major data breach. As a precaution, we changed the user’s email password, just in case the hacker had gotten further than we thought.
The key to thwarting social-engineering attacks is your proactive vigilance.
Tips for Keeping Your Computer Safe from Phishing and Other Attacks
- Place your cursor over the sender’s “From” address and wait for the pop-up. Your email program or web browser will display (via pop-up) the real domain name and sender’s address. This technique also applies to web links in emails. Misspelled domain names and names that don’t match the sender’s identity are likely indicators of a phishing scam.
- If you receive something odd or out of character from a known sender, contact them directly via email, phone or text to confirm that they have sent you a legitimate attachment BEFORE you open it. FedEx, UPS, banks, and other companies would never send you a .zip file with tracking information, invoices, or other seemingly important information. Even PDF files can contain malicious payloads.
- If you see a pop-up in your web browser claiming that your system has been hacked/infected and that you should click a link or call a number, this is 100% bogus. Don’t fall for this trick. Apple, Microsoft and other vendors would never reach out to you in this way. While this is not technically a phishing attempt, it is another vector that cyber thieves use millions of times a day to steal money and information from unsuspecting users.
- If you receive something from a known entity (like a bank or online vendor) asking you to confirm something on your account, visit the site using the well-known public address you would normally use and ignore the link in the email.
Do you suspect you’ve been a victim of an attack? Are you leery of a laptop’s recent oddball behavior? Create a service ticket or give us a call at 856-243-0150 – we’ll do our best to minimize the damage before it gets out of control.