There is no doubt that the pandemic has caused great hardships on people, the economy, and a host of other things that we may not feel the impact on for months and or years to come.
There is no doubt that the pandemic has caused great hardships on people, the economy, and a host of other things that we may not feel the impact on for months and or years to come. One thing is for certain, all is well in the cybersecurity space. Hackers are busy hacking. Phishers are busy Phishing and security incidents are on the rise year over year.
The saying “never let a crisis go to waste” is one term I have come to know only recently. This has been put to good use by hackers and bad actors who seek to take advantage of the sudden shift from working in a somewhat secure corporate environment to a home office that is often less secure.
Hackers are also taking advantage of new users of the internet too. We all know them... those people that prior to the pandemic would never dream of shopping online or giving out their credit cards to purchase some online merchandise. Guess what, they are shopping online now. Not due to want, but rather due to the need. Shopping for merchandise, booking an appointment, registering for this or for that, this pandemic has forced those who would not dare to submit their info online to do just that.
Enter the hacker and bad actors. They know there is a bounty of new victims using the internet. They know that new users may not know how to recognize a phishing email or other ruse used to trick them into divulging sensitive information. How is a new user of the internet, or a person that has never had the use for an email address supposed to know what a phishing email looks like?
At the risk of stereotyping elderly people, it is possible that grandma and grandpa, who are honest as the day is long, might never dream that someone who emailed them a desperate note for help, or some “company” asking for them to “verify their account” by logging in, is a devious gutter rat that is looking to bilk them out of their hard-earned money or retirement funds. It happens, every single day.
Some sobering security stats:
- 95% of cybersecurity breaches are caused by human error. (Cybint)
- 94% of malware is delivered by email. (CSO Online)
- 1 in 13 web requests lead to malware. (Symantec)
- Phishing attacks account for more than 80% of reported security incidents. (CSO Online)
The need to defend oneself from cyber attack is great and it is increasing. We all need to do our part and help those that might need it. If you have friends, or family members that fit the description above, why not spend a few minutes with them to educate them on the dangers of falling for an email ruse. Why not make sure they are using strong account passwords and ensure that their home routers are set up properly using secure passwords that are not easy to crack.
To help make it a little easier, we have listed a number of tips below on how to spot a phishing email. Why not copy and paste it in an email and send it to someone you feel may need the help.
Sharing is caring. Let’s do our part.
Remember these Rules to Stay Safe Online Email Address Impersonation.
Attackers can spoof or impersonate email addresses. Be sure to verify the email address to confirm that the sender is legitimate. Attacker uses a public domain.
Companies will not always contact you through a public domain such as @gmail.com or @yahoo.com. Generic greetings.
Often, companies will address you by your first or last name when they send an email. Be careful of emails that begin with “To whom it may concern.” or “Dear ma’am,”. Email requests for personal information.
Companies usually do not request for sensitive personal information over email such as date of birth, address, account numbers, SIN, etc. A lot of errors.
Attackers tend to make a lot of grammar mistakes and spelling errors. This is one of the tactics they often use in sender impersonations. It is best to verify the spelling of the sender’s email address for accurate validation. Suspicious Links.
If you hover your mouse pointer over a link without clicking it, this will reveal the destination URL that the link will be directing you into. If the URL does not match the content presented, do no click the link, and report it to your IT manager. Suspicious or malicious file attachments.
Never open a questionable attachment or an attachment that you did not expect. These attachments may contain malware that can potentially harm your device or your organization. Requests are urgent.
Attackers often lure their victims by making the email as urgent as possible (e.g., “… We need your address and date of birth ASAP as this can result to termination”). Far-fetched offers.
Attackers may offer their victims unrealistic offers or offers that are too good to be true. Beware of emails offering big rewards for a small effort. Dubious messaging.
If the email feels weird or makes you question the legitimacy, it is better to play it safe and ignore or delete the email.
We are here to help.
We have experienced significant growth in our cybersecurity training and managed phishing simulations because of this pandemic. We offer a suite of corporate focused cybersecurity training on numerous topics, including Working from Home, Phishing, Ransomware, ID Theft, and Social Engineering to name just a few. Our managed Phishing Simulations are the most realistic “test” your company can experience, to test the user awareness and reactions to a Phishing Simulation
If you would like to book a consultation with us to discuss your needs, book a free consultation below.
We love to talk.
Jim Kootnekoff
President CEO
SecuSolutions Ltd & Holdings Inc