The other day a friend invited me to go fishing. Sitting around for hours baking in the sun, waiting for what seems like forever for a “bobber to bob”, may be fun for some, but to me it’s just not top of the list of activities I’d do on a Saturday afternoon. (No offense to the fishing aficionados!)
However, the idea of fishing and putting bait out there in the hopes of catching some ‘takers’ certainly made a connection in my mind to digital ‘phishing’ schemes. While you think you have bigger fish to fry, you may be leaving your network vulnerable this holiday season unless you take steps to be fully protected. At this time last year, the news headlines were all about the Target theft of up to 110 million people’s personal information, including credit card data. Did you know the initial means of attack was a phishing email sent to a Target employee that installed malware on the user’s system?
Phishing attacks comprise 91% of malicious email attacks today. It works like this. You get an email from a Facebook “friend” about a picture they just posted of you. You click the link to look at the picture and type in your name and password, and it fails. You type it in again and are logged into Facebook. Did you see the attack? Nope. The initial link you clicked on sent you to a fake site that captured your username and password, then passed you to the real Facebook page, where you typed it in again to log in. You just thought you mistyped your info the first time, but in reality, you just gave your information to a hacker. Forget Facebook (which has 7 accounts hacked every second according to Facebook!)… the same thing can happen with your bank account. Besides stealing passwords, phishing attacks often install malware on your computer. The Target employee had freeware malware scanning software installed, which didn’t run in real time, so the user had no idea their computer was compromised.
I gave a Cyber Security presentation to a large group of users last month. The following week, one of the conference attendees received a phishing email, which they clicked on. This loaded ransomware that encrypted 100GB of corporate data and held the user hostage to pay $300 within 3 days or lose the data for good. When the user clicked the email, they fell for the phishing scam hook, line and sinker! The firm lost a day’s work while all the data was restored from backup. On salary cost alone, this firm of 50 lost approximately $10,000 in productivity.
So what should you do to prevent someone from reeling you in? Make sure you and your fellow users are educated on what a phishing attack is. Always hover over the links in an email and check the address they actually point to before you click them. Ensure you have strong antivirus software installed, and no matter what, make sure you have good backups in place (of all the network assessments we perform each year, more than half have serious faults in their backup strategy, leaving them vulnerable).
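The hover check can also be automated in a mail-triage script. The following is an added example, not part of the original post: it compares the site named in each link's visible text with the host its href really points to, and also flags the `name@host` URL form. All function names and the sample message are constructed for illustration, and the subdomain comparison is a simplification that does not use a public-suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A host-like string in the visible link text, e.g. "www.facebook.com".
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def same_site(link_host, shown_host):
    """Simplified: the link host equals the shown host or is a subdomain of it."""
    link_host, shown_host = (re.sub(r"^www\.", "", h.lower()) for h in (link_host, shown_host))
    return link_host == shown_host or link_host.endswith("." + shown_host)

def check_link(href, text):
    """Reasons a link deserves a closer look before anyone clicks it."""
    parts, reasons = urlsplit(href), []
    if parts.scheme not in ("http", "https"):
        return reasons                  # mailto:, tel: and similar are out of scope
    if parts.username is not None:
        reasons.append("userinfo")      # familiar name placed before "@", real host after
    shown = HOST_IN_TEXT.search(text)
    if shown and not same_site(parts.hostname or "", shown.group(1)):
        reasons.append("mismatch")      # text names one site, href goes to another
    return reasons

def suspicious_links(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(h, r) for h, t in collector.links if (r := check_link(h, t))]

# Constructed sample body; the .example host and 203.0.113.7 are documentation-only values.
SAMPLE_HTML = (
    '<a href="http://facebook.com.photo-view.example/login">https://www.facebook.com/photo.php</a>'
    '<a href="https://m.facebook.com/settings">facebook.com settings</a>'
    '<a href="http://facebook.com@203.0.113.7/login">View picture</a>')
```

Calling `suspicious_links(SAMPLE_HTML)` reports the first and third links and leaves the genuine `m.facebook.com` link alone; file names in link text (such as `photo.jpg`) can trigger a false "mismatch", so treat the result as a prompt to look closer.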
We protect our clients with multiple lines of defense and backup. Want to have your network checked out? Give us a call at 954-920-9604 and we’ll be happy to schedule a visit with you to look over your network.