
Ten Tips for Not Getting Spear Phished

10/26/2015
Gagan Prakash, CEO, Astra Identity

When you see an e-mail from an old friend who you haven’t spoken with in a bit – what do you do?

Do you trust the e-mail because you recognize their name? Or do you trust but verify the details before taking actions like clicking links, opening attachments, etc.?

If you are a “Truster” — you might be setting yourself up to get spear-phished. Spear-phishing is where a hacker pretends to be a friend, a colleague or a known brand to get you to open an e-mail and take an Action. The Action might be to click a link, open an attachment OR send out a Wire Transfer.

“These attacks are real. The FBI estimates that in the last 2 years 7,000 companies have lost more than 750 Million because of e-mail related issues! Interestingly most of these companies have spam and virus filtering that fails to protect them.”

So, “Truster” or “Verifier”, what can you do? Here are ten tips for not getting spear-phished:

Watch the e-mail subject and tone

1. Be extra careful with any e-mails that try to cause a sense of urgency or fear. E-mails focused on financial transactions or those where you urgently need to do something are designed to get you to take action without thinking.
2. Be careful of communication you weren’t expecting. For example, you know if you placed that order on Amazon — so assume that an unexpected Amazon e-mail is a phishing message.
3. Be extra careful around e-mail concerning financial transactions. Don’t click the links or open the attachments. Go right to the financial institution’s website to interact with them.

Look at the e-mail sender’s information carefully

4. Watch for misspelt names and unusual e-mail addresses. For instance, if your friend normally e-mails you from beerboy37@gmail.com but today the e-mail is coming from beerboy37@yahoo.com – be much more careful before taking an action.
5. Always distrust e-mail from people you don’t know. For example, if your Manager’s Manager doesn’t know you and never talks to you — but today you are getting an e-mail from her asking you to do something – check it carefully.
6. Look for changed patterns of behavior. For example, if your wife always e-mails your @gmail.com address but today her e-mail is coming to your work address, it is a change in her behavior. Such changes don’t happen regularly and may indicate something phishy!

Examine all the links

7. Hackers use a combination of good and bad links in each e-mail. Hover over any link you intend to click to see where it really goes before you click it.
8. Be careful with shortened links such as tiny.url or numeric links. For example, if you get a link to http://www.amazon.com in an e-mail but when you hover on it, it shows http://tiny.url/amazon or http://37.53.67.85/cgi-bin/index.pl, don’t click the link. Instead open a browser and type in www.amazon.com — which is the address the link claims to take you to.
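
One way to automate the hover check from tips 7 and 8 over an HTML e-mail body. This is an added example, not code from the original article; the function names, the shortener list and the sample body are assumptions made for illustration. `audit` returns one (shown text, href, reasons) tuple per link worth distrusting.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"tiny.url", "tinyurl.com", "bit.ly", "t.co"}  # assumed sample list, extend as needed

def host_of(text):
    """Host of a URL-like single token, lowercased, without 'www.'; else None."""
    text = text.strip()
    if len(text.split()) != 1:
        return None  # empty, or ordinary wording such as "click here"
    try:
        host = urlparse(text if "://" in text else "//" + text).hostname
    except ValueError:
        return None
    return host.removeprefix("www.") if host and "." in host else None

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.href, self.text = [], None, ""

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""

    def handle_data(self, data):
        if self.href is not None:
            self.text += data

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, target = host_of(self.text), host_of(self.href)
            checks = [(target and target.replace(".", "").isdigit(), "numeric link"),
                      (target in SHORTENERS, "shortened link"),
                      (shown and target and shown != target, "text and target differ")]
            reasons = [why for hit, why in checks if hit]
            if reasons:
                self.findings.append((self.text.strip(), self.href, reasons))
            self.href = None

def audit(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample e-mail body built from the article's own example links.
SAMPLE = ('<a href="http://tiny.url/amazon">http://www.amazon.com</a> '
          '<a href="http://37.53.67.85/cgi-bin/index.pl">http://www.amazon.com</a>')
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A link whose visible text is ordinary wording rather than an address is only checked for a numeric or shortened target, since there is no displayed address to compare against.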

Attachments, Shattachments

9. Don’t open any attachments that are executable files. Bad attachments can result in a hacker holding your computer hostage by encrypting all its data with CryptoLocker or, worse, installing a keylogger that gives them full visibility into all your usernames and passwords. If you are running anti-virus software, make sure it is set to auto-update daily and to scan everything that runs. Also make sure to turn automatic OS updates on.
10. Don’t trust Microsoft Office or PDF type attachments. These attachments can contain malicious code that executes and causes similar issues to executable type files. I recommend that you turn macros off in Microsoft Office apps and set both Microsoft Office and Adobe Acrobat to auto-update.

So regardless of whether you are a “Truster” or a “Verifier”, I hope that these ten tips help you not get spear-phished!

Gagan Prakash is the Founder, CEO of Astra IDentity, Inc.
