You might have heard of "phishing" in your annual security training or seen emails that demand you immediately sign in to an account to address a problem. It's a ruse used by cyber attackers to trick people into sharing personal information, especially passwords. The attacker will attempt to leverage a trusted relationship of yours, like pretending to be your bank or someone you work with, feign an emergency and insist you “take action right now” instead of ignoring the request.
Given the right timing, the right message, or a moment of distraction, it's easy to get someone to make a mistake.
Falling for a phishing attack is more than just a whoopsie moment:
- If you don't have multi-factor authentication enabled on an account, your username and password are the only pieces of information the attacker needs to grab.
- If you reuse a password for more than one account, the attacker now has access to not just one account but many.
- If you use the same password for your email account, the attacker has really hit the jackpot. Recall the last time you clicked on a "Forgot password" link on a website and followed the instructions: the magic link to reset your password went to your email account.
Pretty convincing, right? The problem isn't that someone was duped. The problem is that discerning fake emails throughout our busy lives is difficult, and we need to let technology help us where it can. Relying on your ability to consistently and accurately distinguish a fraudulent sign-in request from an authentic one is unrealistic.
Everyone should use a password manager to ease the burden of managing many unique passwords, and should turn on two-factor authentication (2FA) when working with sensitive material or holding a valuable account. We'll cover two-factor and multi-factor authentication in a future blog post. For now, identify your important accounts (like email, cloud storage, or financial services) and visit the account settings page to enable 2FA. Don't forget to protect your social media accounts: personal, corporate, and brand. As our CTO Otavio Freire recently told DarkReading.com, social networks are a great place for spear phishers to collect background for personalizing a message.
SafeGuard Cyber's digital risk protection platform can help you defend your business from cyber attacks. Contact us for a demo to hear more about how we can discover, protect, and mitigate against these threats.