How to deal with sneaky spear phishing- and more- on Safer Internet Day
Each February, millions of people around the world observe Safer Internet Day, joining “Together for a better Internet.” This year marks the 20th anniversary of this global observance, and while a lot has changed over that time, some things remain constant. In particular, effective cybersecurity relies only in part on technology. Even as tools and systems become more powerful, avoiding security mishaps largely depends on people doing the right thing. And while every day is a good day to take stock of what you’re doing to protect yourself, your family and your business online, Safer Internet Day is a great opportunity to stop and reflect on how we can all help promote a responsible, respectful, critical, and creative use of digital technologies – with the ultimate goal of fostering a better Internet for all.
In support of a safer Internet for all – in 2023 and for years to come – here are some insights on today’s most prevalent threats and what you can do to stay cyber secure.
Stick to legitimate software, and keep it up to date
Malicious actors are constantly on the hunt for vulnerabilities in software that will allow them to infiltrate your devices and networks, which is why it’s so important to regularly update your software with the latest patches and security updates. And remember, this applies not just to business software but to games as well. Popular online games have been compromised recently, allowing attackers to take over gamers’ PCs or otherwise break into gaming accounts and systems.
While the price tag on some games might tempt certain users to opt for pirated versions they can download free of charge, the risks are high and can be extremely costly. Attackers often try to lure victims with pirated software that contains embedded malware or a backdoor into their computers. Key crackers, which can be used to get around software license keys, could also contain dangerous trojans. Beyond the fact that pirating software is unethical, you’re better off sticking to software purchased from legitimate sources for security reasons, too!
Combat hard-to-detect spear phishing attacks
Cybercriminals are improving at creating individually targeted emails or text and message app messages that pretend to be legitimate, often spoofing your friends and co-workers or businesses and organizations (like banks, retailers, and government agencies) that you trust. Their goal is often to get you to visit fake websites that harvest your log-in credentials and other personal information, transfer money, and/or deliver malware. Malicious messages might include attachments with documents that contain malware as well. And stolen data is often sold and used for things like identity theft and fraud.
These attacks have gotten better and more personalized with automated phishing tools and programs that cull social media networks and other places on the web where people post personal information. And with more people signing up for services like online shopping and banking during the pandemic, the opportunities for cybercriminals to take advantage of unsuspecting consumers are even greater.
Stopping spear phishing starts with being vigilant. Keep an eye out for warning signs like requests from managers or co-workers that seem out of the ordinary. Check for any details that just don’t add up. Always check the full email address to ensure a message is from a legitimate source, and delete it if it doesn’t look right; but also keep in mind that attackers can spoof email addresses if your domain doesn’t have the right protections (like DNS filtering). Check the domain on anything you click to ensure it really goes to the right place, and simply avoid clicking domains in correspondence. Sometimes it’s just better to type them in manually. Never download files from unfamiliar senders, skip the link in favor of manually typing in your intended destination, and when in doubt, forward the email to your IT or security department for closer inspection.
Beware of sneaky spear phishing attacks
Spear phishing attacks are a major security threat evolving in sophistication and efficacy as cybercriminals become more skilled at creating individualized and convincing emails and messages. They often appear to be from a trusted source – masquerading as a note from a friend, family member, co-worker, or other legitimate business or organization (like a retailer, bank, or government agency) – and are often used to deliver malware trick recipients into transferring funds, or get people to visit fake websites that have been spun-up to harvest login credentials or other personal information. Malicious messages might include attachments with documents that contain malware as well. Once your data is stolen, it’s often sold and used for identity theft and fraud.
Criminals increasingly rely on automated phishing tools and programs that cull information from social media networks and other web sources to better target and personalize their attacks. The growing number of users signing up for various online services year after year has only increased the opportunity for cybercriminals looking to leverage them against unsuspecting consumers.
Protecting yourself from spear phishing attacks starts with being vigilant. Keep an eye out for red flags, such as requests from managers or co-workers that seem out of the ordinary or messages with lots of grammar or spelling mistakes. Be sure to double-check the sender’s full email address to ensure the news is coming from a legitimate contact, and delete it if it doesn’t look right, but also keep in mind that attackers can spoof email addresses if your domain doesn’t have the right protections (such as DMARC’s combination of SPF and DKIM). Never download files from unfamiliar senders, and be wary of links.
At the same time, you should even remain skeptical of any unexpected links and attachments from senders you appear to know and validate that they were actually sent by the contacts they seem to be from first. You can always hover your mouse over a link to preview the URL before clicking – or skip the click instead of manually typing the URL for the intended destination in your Internet browser. Or, better yet, avoid clicking links in phishing messages altogether. And, when in doubt, forward the email to your IT or security department for closer inspection.
Ultimately, if the details don’t add up or anything feels off, it’s better to stay on the safe side. By staying alert and exercising an abundance of caution, you, too, can protect yourself from falling victim to sneaky attacks and ensure a safer Internet experience.