Practical Tips to Keep You Safe
We live in a digital world, so keeping your personal information secure and understanding the tools fraudsters use to commit crimes is critical.
Russian Attack Has Increased Phishing
Reports have emerged of hacking campaigns linked directly and indirectly to Russia’s war in Ukraine. Cyberwarfare is a key part of this invasion. Many experts predicted that Russia would launch significant cyber attacks in Ukraine, without knowing how this would unfold in the rest of the world. Close to home, an enhanced warning comes from the President, based on evolving intelligence that the Russian government is exploring additional options related to cyberattacks.
Phishing is a popular form of cybercrime because of how effective it is. Cybercriminals have been successful in using emails, text messages, and direct messages on social media or in video games to get people to respond with their personal information. The best defense is awareness and knowing what to look for.
Here are some ways to recognize a phishing email:
- Urgent call to action or threats - Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often, they'll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so that you won't think about it too much or consult with a trusted advisor who may warn you.
- First time or infrequent senders - While it's not unusual to receive an email from someone for the first time, especially if they are outside your organization, this can be a sign of phishing. When you get an email from somebody you don't recognize, or that Outlook identifies as a new sender, take a moment to examine it extra carefully before you proceed.
- Spelling and bad grammar - Professional companies and organizations usually have an editorial staff to ensure customers get high-quality, professional content. If an email message has obvious spelling or grammatical errors, it might be a scam. These errors are sometimes the result of awkward translation from a foreign language, and sometimes they're deliberate in an attempt to evade filters that try to block these attacks.
- Generic greetings - An organization that works with you should know your name and these days it's easy to personalize an email. If the email starts with a generic "Dear sir or madam" that's a warning sign that it might not really be your bank or shopping site.
- Mismatched email domains - If the email claims to be from a reputable company, like Microsoft or your bank, but the email is being sent from another email domain like Gmail.com or microsoftsupport.ru, it's probably a scam. Also be watchful for very subtle misspellings of the legitimate domain name, like micros0ft.com, where the second "o" has been replaced by a 0, or rnicrosoft.com, where the "m" has been replaced by an "r" and an "n". These are common tricks of scammers.
- Suspicious links or unexpected attachments - If you suspect that an email message is a scam, don't open any links or attachments that you see. Instead, hover your mouse over, but don't click, the link to see if the address matches the link that was typed in the message.
Whenever you see a message calling for immediate action take a moment, pause, and look carefully at the message. Are you sure it's real? Slow down and be safe.
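The mismatched-domain check from the list above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original article; the trusted-domain table, the two extra character swaps, the 0.9 similarity threshold and the sample headers are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: domains each brand really sends mail from (constructed list).
TRUSTED = {"microsoft": {"microsoft.com"}}
# The article's two swaps ("0" for "o", "rn" for "m") plus two common ones (assumption).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Fold look-alike characters so visually similar domains compare equal."""
    domain = domain.lower()
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def sender_domain(from_header):
    """Extract the domain of the address in a From: header."""
    _, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower()

def check_sender(from_header, brand, threshold=0.9):
    """Classify the sender of a message that claims to come from `brand`."""
    domain = sender_domain(from_header)
    folded = skeleton(domain)
    for good in TRUSTED[brand]:
        # Exact match or a genuine subdomain of the trusted domain.
        if domain == good or domain.endswith("." + good):
            return "ok"
    for good in TRUSTED[brand]:
        # Equal after folding, or nearly equal: a subtle misspelling.
        if SequenceMatcher(None, folded, skeleton(good)).ratio() >= threshold:
            return "lookalike"
    if brand in folded:
        return "embeds-brand"  # brand name inside an unrelated domain
    return "mismatch"          # unrelated domain, e.g. free webmail

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "Microsoft <no-reply@email.microsoft.com>",
    "Microsoft Support <help@micros0ft.com>",
    "Microsoft Support <help@rnicrosoft.com>",
    "Microsoft <billing@microsoftsupport.ru>",
    "Microsoft Account Team <ms.account.team@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header, "microsoft"), "<-", header)
```

Anything other than "ok" is a reason to slow down and verify the sender through a channel you already trust.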
Over the past few years, with the increasing use of texting and SMS messaging, a newer trick in the bag has been coined “smishing.” Because it’s text, it often catches people off guard and causes them to react quickly, which is exactly what you shouldn’t do. As with its earlier predecessor, outlined above, look for indicators of incorrect information, and when in doubt DO NOT reply.