So I have been in the data privacy and security world for the past 16 years, and I am still amazed at how savvy hacksters are, and how vulnerable we are to their antics. And…how much havoc they can wreak personally and to our employers.
This week’s privacy tip is about phishing. No, not fishing, I am an avid bass fisherman, and no, not the band Phish, which has quite a following. Why are we talking about phishing? Because phishing has become a huge issue with individuals and companies and is predicted to get worse.
In the past, we used to get emails telling us “You have won the Nigerian lottery!” and in order to win, we needed to click on a link. It wasn’t very effective, because the email was full of misspellings and terrible grammar. Really, anyone could figure out it was a hoax and we all immediately deleted it.
Not so true anymore. Last week, I received an email from “my IT department” indicating that they needed to update my security, and to send my password so they could implement the security patch. I didn’t recognize the name of the individual and took a casual glance at the URL, and it was clearly not my “IT department.” I sent it to my “IT department” and confirmed it was a phishing attack. Luckily, I knew enough not to click on it and to send it straight to my internal experts.
Just yesterday, I received a text from the “Apple help desk” indicating that I needed an update and to click on a link to get the update. Well, of course, I knew it wasn’t legit, so I immediately deleted it.
Unfortunately, many individuals and employees don’t realize the havoc clicking on these links can wreak on their personal devices and their employers’ systems. Phishing attacks are now sophisticated and frequent. Be vigilant in analyzing any email or text you get that tries to get your user name or password. Don’t give your password to anyone. Your “IT department” isn’t going to ask for such information in order to provide you with security updates. Neither is Apple.
Many companies are sending out internal phishing expeditions to catch their employees (pun intended). Don’t get hooked and reeled in. You will be an unwanted catch.
Enough of the puns. Seriously, stay alert. When in doubt, enlist your IT professionals to confirm whether an email or text is legitimate. No question is a bad one, and they will be so happy when you check before you click. It is way better to be safe than sorry.