The Need for Phishing “Golden Rules” Proves There’s no Cure for Humanity

Why so dramatic? Because phishing is, for the most part, successful only when hackers can rely on the carelessness of people who are:

  • Reading a “too-good-to-be-true” email and entering their credit card numbers
  • Seeing a text, thinking, “That’s too good a deal!” and clicking anyway, giving up a password
  • Grandparents seeing an “Unknown” number on caller ID and hoping it’s a grandkid calling to say “hi”—but instead Li’l Johnny needs a wire transfer to the Bahamas to get out of a jam

It's a trap! And as you well know, once a credit card number is given, a password is stolen, or a bank account is revealed—sensitive data of the utmost importance—the road to identity theft and financial loss is fast and furious.

4 Golden Rules Against Phishing You Can Use

But you don’t have to fall for any of this (and neither does your grandma!). Just follow these 4 golden rules to avoid falling victim.

1. Unknown number? Don’t pick up!

Who has a landline anymore (besides Grandma)? And if you have a landline, who doesn’t have caller ID? Gone are the days when you picked up the phone and you didn’t know who was calling—and you didn’t care.

How to keep safe:

If you see a number and the caller leaves a voicemail saying it’s Li’l Johnny, take the number down and call it back yourself to see if that’s the case. If you want to be extra careful, dial #67 to mask your own caller ID.

2. Never click that link before hovering over it

We mentioned this in 4 Social Engineering Tricks Cybercriminals Use to Get Your Data: never click a link without checking it out first. This is one of the oldest tricks in the book—hackers send you a phishing email with links that look OK to trick you into visiting an unsafe web page or downloading spyware/malware/ransomware that gives them access to your computer.

Is this link legit? Nope, the email address does not match the displayed name.

Before you click a link (an image, an email address, or plain text), hover your mouse over it. The address that pops up should match the email sender or the web site you’re expecting to go to.
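The same “hover before you click” check from rule 2, done programmatically over an HTML email body. This is an added example, not code from the original post: for every link it compares the host the link really points to (the href) with what the reader is shown (the link text when that text looks like a URL, otherwise the sender’s domain) and reports mismatches. The sample message and every domain in it are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: a look-alike href, a user@host href, and one honest link.
SAMPLE_EMAIL = """<p>Your package is waiting.</p>
<a href="http://example-bank.co/login">https://www.example-bank.com/login</a>
<a href="https://www.example-bank.com@evil.example/x">Track it</a>
<a href="https://help.example-bank.com/faq">Read our FAQ</a>"""
URLISH = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)  # link text that looks like a URL/domain

def host_of(url):
    """Lowercase host a URL really points at (anything before '@' is ignored), or None."""
    if "://" not in url:
        url = "http://" + url
    return urlparse(url).hostname or None

def same_site(a, b):  # mail.example.com and example.com count as the same site
    return a.lower().split(".")[-2:] == b.lower().split(".")[-2:]

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in the message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html, sender_domain):
    """Return (href, reason) for each link whose real host differs from what the reader sees."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        if real is None:
            continue
        shown = host_of(text) if URLISH.match(text) else None
        if "@" in href.split("://", 1)[-1].split("/", 1)[0]:
            findings.append((href, f"user@host trick: really goes to {real}"))
        elif shown and not same_site(shown, real):
            findings.append((href, f"text shows {shown} but link goes to {real}"))
        elif shown is None and not same_site(sender_domain, real):
            findings.append((href, f"sender is {sender_domain} but link goes to {real}"))
    return findings
```

Running `suspicious_links(SAMPLE_EMAIL, "example-bank.com")` flags the first two links and leaves the genuine help-site link alone.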

3. Be wary of free public Wi-Fi and the Evil Twin


Evil Twin refers to public Wi-Fi names being spoofed. For instance, say at the airport you see two Wi-Fi networks that are both named “O’Hare Public Wi-Fi”. Which one is real? Most likely, one is real and the other is the personal hotspot of someone sitting nearby.

How to keep safe:

  • Just avoid those tempting, free unsecured Wi-Fi hotspots
  • Turn off auto-connect on your device
  • If you do connect, does the URL start with HTTPS (“S” as you know, stands for “Secure”)?
  • Use a VPN to encrypt your data before the hacker even sees it

4. Thar she blows! Whaling goes after the big boss!

Whaling is a highly targeted phishing attack, aimed at your organization’s senior executives. Because whaling attacks are generally well planned, they’re more challenging to spot than run-of-the-mill phishing attacks.

How to keep safe:

One way companies can protect against whaling is to build phishing training into their culture by:

  • Encouraging all employees to undergo security awareness training
  • Identifying those employees who may be lax in taking security precautions seriously
  • Restricting accounts that have previously been hacked or are hacked often

Phishing in the Real World Has Been Going on Forever

Phishing and its cousins, Whaling and Spear Phishing, are all about taking advantage of human nature through social engineering. See a woman with a crying baby kneel to the ground? While you help her out, someone else is picking your pocket.

Just like the mugger, bad apples, hackers, and black hats will stop at nothing to exploit your web site and customers. In fact, with the explosive growth of online payments in the last couple of years, online fraud has never been more profitable. Fraud has itself become commoditized.

Connect with the Covestic team at servicenow@covestic.com.
