Connections

How to fight Phishing attacks

Written by Hawaiian Telcom | Nov 3, 2021 2:24:40 AM

Phishing has become one of the most popular attacks that hackers use because of the information they can retrieve. Phishing is a cyber attack technique that tricks users into clicking links, giving credentials or downloading malware to capture Personally Identifiable Information (PII). These cyber attacks originated in the mid 1990’s and are constantly evolving to exploit vulnerabilities.

Types of Phishing Attacks

  • Email Phishing: This method involves an attacker who poses as someone you trust and sends you an email that includes links to redirect you to the attacker’s website, questions to retrieve credentials or PII, and links to download malware.
  • Malware Phishing: This attack is within emails that have links to download software. The email may state that you’re required by IT or someone you trust to download the software. Once the malware is downloaded, it could infect files, your computer, and if this happens on your business computer, it could possibly spread throughout your company’s network.
  • Spear Phishing: This is similar to email phishing, but instead of a mass email, this one is targeted to specific groups or people such as executives.
  • Smishing: Malicious SMS (short message service) messages that suggest you have won a prize or need to log into to an account by clicking a link in the message.
  • Vishing: Vishing is when attackers call you, purporting to be representatives from IT, government agencies, or corporations. They may say your account has been compromised and ask for your credentials in order to fix the problem.

Ways to prevent phishing attacks

  • Don't click on hyperlinks you are unsure of. Hover over link to possibly see if it takes you to a legitimate website. Do this especially for shortened weblinks such as bit.ly and tinyURL.
  • Read emails or texts thoroughly and look for some indicators that  it's a potential phish such as misspellings, strange or unknow email domains or websites, or not acknowledging your name.
  • Rotate passwords regularly
  • Before giving out PII, confirm the company is legit. You can accomplish this by going to their website and calling their Contact Us number to verify they need your PII.