About 156 million phishing emails are sent around the world every day, so it’s important that you stay vigilant both at work and in your personal lives.
Lifecycle of a phish
Cybercriminals start by choosing someone or a group of people they want to target and the type of information to which they want to gain access. Their goal may be to get Veteran financial or health information or to release ransomware into a system and demand ransom money from the users.
Attackers often compromise their target with a phishing email, though the lure can also arrive by text or phone call. The victim, believing the message is real, clicks on a malicious link or reveals the information that the attacker is seeking. Once they bite, the damage is done. There’s no way to return the information or undo the click. It only takes one successful phishing attack to compromise your network and steal your data, so it’s crucial to “Think Before You Click” and avoid falling for phishing attempts in the first place.
What to do when something smells phish-y
Phishers use emotions like fear, curiosity, urgency, and greed to compel you to open attachments or click on links. The attacks appear to come from real companies or individuals because cybercriminals are becoming more sophisticated every day. Never reveal personal or financial information in an email, don’t respond to email solicitations for information, and don’t follow links in emails that you don’t trust. If you’re unsure whether an email or text is real, try to verify it by contacting the company or sender directly.
Before sending or entering sensitive information in forms or websites online, check the security of the site. Make sure you see https:// in the address, where the “s” stands for “secure.” HTTPS alone does not prove that a site is legitimate, so also pay close attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may vary in spelling or use a different domain.
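The URL checks described above can be automated before a link is followed. The following is an added example, not part of the original article: the trusted domains are constructed placeholders, and `check_link` and `edit_distance` are hypothetical names.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader already trusts (constructed placeholders).
TRUSTED = ("example.com", "example.org")

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason) for a link before any data is entered."""
    parts = urlsplit(url)
    # hostname ignores any "user@" prefix, so "trusted.com@other.test" resolves to other.test
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "reject", "no host name in URL"
    if "xn--" in host or not host.isascii():
        return "reject", "internationalized host name; cannot be compared by eye"
    if any(host == d or host.endswith("." + d) for d in trusted):
        # https is required, but it is only checked after the domain matches:
        # an encrypted connection to the wrong site is still the wrong site.
        if parts.scheme != "https":
            return "reject", "trusted domain but connection is not https"
        return "ok", "https and host is on a trusted domain"
    for d in trusted:
        # Trusted name used as a label inside someone else's domain.
        if host.startswith(d + ".") or ("." + d + ".") in host:
            return "reject", f"{d} appears inside a different domain"
        # Spelling variation: compare the last labels of the host with the trusted name.
        tail = ".".join(host.split(".")[-len(d.split(".")):])
        if 0 < edit_distance(tail, d) <= 2:
            return "reject", f"{tail} is a near-miss spelling of {d}"
    return "unknown", "host is not on the trusted list; verify with the sender"

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://accounts.example.com/", "http://example.com/login",
                 "https://examp1e.com/", "https://example.com.login.test/reset"):
        print(link, check_link(link))
```

An "unknown" verdict is not a pass: it means the link should be verified by contacting the company or sender directly.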
Some other helpful tips to keep in mind:
- Use multi-factor authentication on all apps, accounts, and social platforms that offer it.
- Monitor your online accounts regularly.
- Keep your browser, installed programs, and security software updated.
- Don’t click on email links from unknown sources.
- Never give out personal information over email.
- Block pop-up windows in your browser and never click links in them.
- Track the latest phishing attacks so you know what to expect; for example, monitor resources such as: