60 Second Cybersecurity - Going Phishing

Phish is the name of a jam band that used to travel with the Grateful Dead, and Phish Food is the name of a tasty ice cream flavor from Ben and Jerry’s. That said, we’re going to talk about the other kind of phish – the phishing attack, which is an attempt to hack you and make your day go from good or bad to very, very bad. Ready for your next installment of Hours of Fun?

Phishing is an attempt to hack you by posing as a legitimate email.

It’s an important concept to understand and be vigilant about because of how sophisticated the technique is. You cannot protect yourself 100% unless you stop using email and text messaging. But there are a few ways to reduce the chances of getting hacked.

#1: It Pays to Be Paranoid: Never Click On Links In Unsolicited Email Or Text Messages

In the course of the 1,000 or so emails you get in any given day, once in a while you may come across something like this, which might get past spam filters despite their best attempts. It looks innocuous, but is devious.

Emails like this can look very legitimate, down to copying the exact format used by a trusted entity. If you click on the link, the site it opens often mimics the original website exactly.

But because of the way HTML code works, the text of a link and the destination of a link can be different.

For example, the link looks like it goes to PayPal, but it might go somewhere else entirely.

You can sometimes roll your mouse over a link, or right-click and “copy the link URL,” then paste it into a separate document to see what the “real” destination is.

Telltale signs of foolery include random/nonsense website names (which might be registered on the fly and discarded after hacking enough people), or anything different than the legitimate, main website of the entity in question.

The bottom line is, to really be safe, don’t click on any link in an email or text message that is unsolicited. Meaning, if you need to go to a website, type the official address in your browser.

#2: Don’t Act on Requests from Trusted Sources (Spearphishing)

Wait a second. What? If you trust a person of course you can act on an email, click on a link or download something. But wait. What if it’s not really from that person?

This is a really dangerous, increasingly common technique that fools even vigilant people, because the email accounts of people you know can be hacked.

Always, always verify any unexpected email asking you to click on a link. In some cases, you can check to see if the actual destination of a link is different than what it appears to be, but the safest approach is to always ask for confirmation of anything you’re not expecting, from anyone, especially when it’s a warning that you’ve been hacked. A “you’ve been hacked” warning is a favorite method of tricking a person into revealing information or downloading something that is supposed to unhack you, when it is really installing malware on your computer.

In theory, the most common method of hacking involves tricking you into entering in your login and password, or other vital information. But in some cases, even just clicking on a link can lead to your account being hacked. So be paranoid. Listen to the song Paranoid from Black Sabbath. Trust no one.

#3: Keep Everything Up to Date

No question, it’s hard to follow the safest route – confirming any unexpected email with a link. It’s a little easier to avoid entering your information and to never download and double-click on anything unexpected. But no matter how vigilant you are, even if you intend never to do these things, you might slip up, at the end of a long day.

There are no guarantees, but it certainly helps to keep everything updated, including the operating system on your computer and phone. Keep anti-virus and anti-malware software up to date, and make sure you have the latest version of your Internet browser. Sometimes the software on your computer can warn you if you’re about to do something stupid or can actually prevent it.

It’s a constant game of cat and mouse. Hackers try to find new ways to trick people, including hacking some people so that they can appear as them and hack others. So in the end the best protection is to be vigilant and paranoid.

For More Reading

https://www.paypal.com/us/webapps/mpp/security/suspicious-activity

https://us.norton.com/spear-phishing-scam-not-sport/article

https://motherboard.vice.com/en_us/article/how-hackers-broke-into-john-podesta-and-colin-powells-gmail-accounts