Murky Waters

Welcome to another installment of my column. Today we are rounding out the final key behavior of the 2024 Cybersecurity campaign: identifying and reporting phishing attempts.

Have you ever made the mistake of believing a phishing attempt and clicking on a link in your email, or from an ad, or even a text message you got? I will not poke fun at you if you have, because millions of people have, and they still continue to click on links from emails and give access to their personally identifiable information (PII) on a daily basis. That is why it is so important to understand these key concepts.

Let’s take a look at how a phishing email may disguise itself as real when, as a matter of fact, it is not. So you go and wade through the swamp of your emails, and if it’s anything like mine, there are ads and promotions and more informational crap than I will ever have time to truly read through. Some of those promotional emails are legit, but others come from hackers/malicious actors who pose as well-known organizations and design their fake emails, messages (smishing) and sometimes even phone calls (technically vishing, a similar subcategory) to look and act like true sources. They rely on good social engineering to deceive you. Social engineering is a manipulation tactic in which malicious actors stir up fear, excitement and urgency in the target, which opens the door to vulnerabilities, and they prey on you and your heightened emotional state.

Here are some key factors to look at when you are deciding whether an email is in fact real:

• Return email address. If you can’t make out the return address as an actual name, then most likely it is from a fake source. Different styles of text used together are another sign.

• Grammar mistakes. Random capitalization within a sentence.

• Unfamiliar greetings or sign-offs. “Hi Dear User” or “Hello Customer name”

• Suspicious links, such as a shortened URL, e.g. www.bitlyxxxx.xxx

• Requests for PII.

• Urgency and too-good-to-be-true promotions.

What I failed to mention due to lack of space is that there are many different subcategories of phishing attempts: spear phishing, whaling, pharming, clone phishing, etc. I could go into much more detail on each, and even further on phishing attempts. But since I can’t, I implore you to do your own research online. You will be astounded at the examples from “Netflix,” “Amazon,” “Google,” “PayPal,” etc. There is so much good information out there to keep you and your loved ones safe. So why not take 5-10 minutes to peruse the web for examples? It might save you in the long run.

SEEKING WONDER

BY SAMANTHA Y OCIUS CREATIVE MEDIA