We continue to provide cybersecurity awareness content during October as part of Cybersecurity Awareness Month to help you and your organization to “Do Your Part. #BeCyberSmart.” Individual awareness is a big part of being “CyberSmart”. This week, we’re covering how to help users recognize phishing attacks, including those from SMS messages – sometimes referred to as “smishing”.
What is Phishing?
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure them into providing sensitive data such as personally identifiable information (PII), banking and credit card details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.
Common features of a phishing email or SMS message are:
- Too Good To Be True - Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately. For instance, the message may claim that you have won an iPhone, a lottery, or some other lavish prize.
- Sense of Urgency - A favorite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time. Most reliable organizations give ample time before they terminate an account and they never ask patrons to update personal details over the Internet.
- Hyperlinks - A link may not be all it appears to be. Hovering over a link shows the actual URL where a user will be will be directed upon clicking. First, check that the website name is correct and not a spammy site with a close misspelling. Next, hover over the link (without clicking) to see if it directs to where it says it does.
- Attachments - If you see an attachment in an email you weren’t expecting or that doesn’t make sense, don’t open it! Attachments often contain payloads like ransomware or other viruses.
- Unusual Sender - Whether it looks like it’s from someone you don’t know or someone you do know, if anything seems out of the ordinary, unexpected, out of character or just generally suspicious don’t click on it!
Recent Phishing Attacks
In recent weeks there have been a number of broad reaching phishing attacks.
- Intuit QuickBooks users have received fake renewal invoices for their QuickBooks licensing. In addition, customers of companies using QuickBooks have been targeted with fake invoices. Read more about the phishing attacks on Intuit users.
- Cybercriminals are using the new James Bond movie, No Time to Die, as phishbait. Researchers at Kaspersky warn that malicious ads and phishing sites are claiming, falsely, to offer free access to the full movie. The sites display the beginning of the movie, and then ask users to enter their credit card information to continue watching.
How to Prevent Phishing
Awareness is your best defense against phishing attacks. There are many options for end user education as well as phishing simulators that can help identify end users in your organization who might need more education.
Interested in end user training to prevent Phishing? Concerned about the security of your organization? Contact us.
And don’t forget… Do Your Part. #BeCyberSmart.
Important Microsoft Announcements:
- Microsoft will begin the rollout of Windows 11 through Windows Update as an update to Windows 10 machines starting on October 5, 2021. This update can be postponed. If you need assistance with controlling the rollout of Windows 11 to your organization, please contact TechWise Group or your IT department.
- Starting November 1, 2021, the following versions of Outlook for Windows, as part of Office and Microsoft 365 Apps, will not be able to connect with Office 365 and Microsoft 365 services:
5.0.4970.9999 and older
6.0.4599.9999 and older
Microsoft 365 Apps for enterprise (formerly Office 365 ProPlus)
705 and older
Microsoft 365 Apps for business (formerly Office 365 Business)
705 and older