TITLE TIPS: Protect Yourself from Cyberattacks – Terms to Know

Protect Yourself from Cyberattacks

Every day there is another story in the news about cybersecurity threats, fraud, and the losses they incur.  Many of these are caused by phishing, but did you also know about spear phishing, whaling, vishing, or smishing?  It’s important to know the differences of these types of cyberattacks and how to combat them.  It is no longer just large corporation dealing with these problems, individuals and companies of all sizes need to be concerned as more than two-thirds of all breaches occurred in organizations with less than 100 employees.

Phishing

Phishing is a general term used to describe the attempt to gain financial or confidential information typically in the form of an email.  Phishing attacks will target as many people as possible hoping to fool a few victims into giving them access to a network or data.  These emails appear legitimate and use company logos that appear to be from a trusted source.

Phishing emails try to get users to click on a link, open a document, install software/malware, or enter a username and password into a website that appears to be legitimate in order to gain access to and steal sensitive information.

Spear Phishing

Spear phishing attacks are targeted at a smaller group or individuals than regular phishing.  Information on the victims can be obtained from company websites and social networking sites. This type of attack is usually more successful that phishing and often has specific goals such as particular individuals or the information they have access to.

Whaling

This is yet another impersonation scheme, but the target is usually a high-profile business executive.  The emails are addressed to an executive and will contain the person’s full name, company, and job title.  The goal is to gain access to passwords or other sensitive information the executive possesses.  These messages often use scare tactics like termination or bankruptcy to trick the victim into taking specific action such as completing a fake form or downloading a false maintenance update.

Vishing

Vishing is a type of phishing using a phone system.  The phone call appears to be coming from a legitimate source where caller ID spoofing has been used to disguise the real source of the call.  The call or message appears to be from a reputable financial institution and instructs the victim to call a number due to an account problem.  The instructions then ask for account numbers, PINs, and other sensitive information allowing access into accounts.

Smishing

Smishing is a newer type of phishing where someone attempts to trick you into giving private information through text or SMS message.   The scary thing about smishing is that people are aware of the danger of clicking on links in email but don’t feel the same level of threat with texts.

Any of these cyberattacks can lead to breaches where hackers gain access to company information and sensitive materials.  Real estate transactions have become a huge target due to the payoff gained from wire fraud, the multiple parties involved, and the complexity of the transaction.  According to the FBI, the real estate sector had more than 9,600 victims and lost over $56 million in 2017 with a wire fraud amount averaging $140,000 per theft.

You can protect yourself, your company, and your clients by adhering to the practices below:

• Be suspicious of questionable emails from senders you don’t recognize or that ask for personal or financial information.
• Do not enter personal information or click on links in a pop-up screen.
• Never send personal information, such as bank account numbers or other financial information, via email or other unsecured electronic communication.
• Hover over the address of any link before clicking on it. Be sure to validate this address.
• Verify that the website is secure. The web address should start with the prefix https.  Look for the little padlock symbol in front of the web address in the URL bar to show that it’s secure.
• Do not reply to emails that are suspicious even if you know the sender. Check that the email address is correct or contact that person directly by phone or in person to verify the message was sent.  Hacked email addresses will often vary by only a single letter or number from the valid email address.
• Educate your staff on your security procedures and how to spot phishing emails.
• Run anti-virus and anti-malware software regularly and use firewalls. Keep your operating system and browser up to date.
• Use unique passwords and don’t use the same password among your staff or for multiple sites.
• Report a cyberattack to your superiors and the FBI’s Internet Crime Complaint Center at https://www.ic3.gov/complaint/default.aspx.