Cybersecurity: What is Phishing?
By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Phishing is one of the biggest threats to any business or individual. With October being National Cybersecurity Awareness Month, we thought we’d explain what it is, why it is dangerous, and how to avoid falling for it, which are all critical to staying safe.
What is Phishing?
Officially, phishing is defined as the practice of using fraudulent e-mails and copies of legitimate websites to extract financial data from computer users for purposes of identity theft. But in simple terms, a cybercriminal puts out bait to lure unsuspecting victims to fall for their scams, “hook, line, and sinker.” One email can be sent to a large group at once. It only takes one bite, from one human, for a single phishing cast to be successful. And it isn’t always financial information that they might be after.
Why Is It Dangerous?
One person being careless or more susceptible to a phishing email is all it takes. Information obtained may be used to take down an entire business or network. A single set of credentials is like giving a hacker the keys to the kingdom. Phishing attempts can redirect you to a fake website that can look identical to the real site. If you input your login information or update information, you have unknowingly passed along data. And that information can then be used to access more confidential data. It may also be used to shut down and hold a business’s network for ransom.
How To Avoid Phishing Scams
The SLAM Method is a good way to remember how to avoid phishing scams. The S stands for SENDER: always check who the email is from. You can hover over a name on an email to see what the actual email address is. If the name or address is spelled out, look for errors, such as missing or substituted numbers and letters in an address. Numbers and letters can also be used to mimic each other. The company name should be correctly identified in an email. For example, Gmail or Hotmail addresses are more likely to be fraudulent. The L in the SLAM method stands for LINKS. Links in an email might lead to fake web pages, or they could be used to deploy malicious programs that would take over your network for ransom. These programs are known as malware and ransomware. The A is for ATTACHMENTS, which should be viewed with the same consideration. An attached file can contain malware. And the M in SLAM is for MESSAGE. While phishing emails can be sophisticated enough to fool even the savviest among us, there are signs to look for. Generic greetings or unusual requests from familiar people should be a red flag. Grammatical errors and strange wording are more obvious, but don’t be fooled into trusting even the most articulate email.
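The sender, link and attachment checks above can be automated as a first-pass triage for a reported email. The following is an added example, not part of the original article: the function name, the list of known domains, the digit-for-letter table and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "hotmail.com"}   # the providers the article names
SWAPS = str.maketrans("0135", "oles")      # assumed digit-for-letter substitutions
HOST = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)  # a host name shown in link text

class Links(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_data(self, data):
        if self.inside:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"

def slam_flags(raw, known_domains):
    """Return Sender, Link and Attachment findings for one raw message."""
    msg, flags = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))   # display name vs. real address
    domain = addr.rpartition("@")[2].lower()
    if domain in FREE_MAIL:
        flags.append(f"SENDER free-mail: {name} <{addr}>")
    elif domain not in known_domains and domain.translate(SWAPS) in known_domains:
        flags.append(f"SENDER look-alike: {domain}")
    for part in msg.walk():
        if part.get_filename():
            flags.append(f"ATTACHMENT: {part.get_filename()}")
        elif part.get_content_maintype() == "text":
            parser = Links()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href, text in parser.found:   # exact host comparison, a triage heuristic
                shown, real = HOST.search(text), urlparse(href).hostname
                if shown and real and shown.group(0).lower() != real:
                    flags.append(f"LINK mismatch: shows {shown.group(0)}, goes to {real}")
    return flags

SAMPLE = ("From: Example Bank <support@examp1e.com>\nContent-Type: text/html\n\n"  # constructed
          '<a href="http://login.invalid/x">www.example.com</a>')
```

Calling slam_flags(SAMPLE, {"example.com"}) reports the look-alike sender domain and the link whose visible text does not match its destination. The MESSAGE check is left to the reader's judgment, since wording cannot be scored reliably by a short script.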
What to Do?
Should you become concerned about an email or worried that you have clicked on a phishing link or attachment, contact your IT department immediately. Deleting the email, shutting down your system, ignoring the situation, or forwarding the message to a friend is NOT the correct approach. Remember, the sooner that you alert the proper team member, the quicker the threat or danger can be contained. This is critical.
This article was originally published on HIPAA Secure Now! and is republished here with permission.