PhishingPhishing is one of the most prevalent cyber attacks currently. Phishing scams are generally fake email messages appearing to come from legitimate companies, like utility companies, a bank, or the IRS. They direct you to a fake website or ask for personal information, especially account related info. Phishing attacks tend to be panic-inducing in tone to catch the reader off-guard by indicating an urgent issue. So what can you do to prevent them?

First, they rely on the fact that web users are over-saturated with information and will click on links or open emails without noticing that the sender domain is not exactly who they think it is. If you receive an email suggesting you need to go to a site to provide information, examine the URL you’re being redirected to for inconsistencies. Reputable organizations will not request confidential information, like Social Security numbers, via email. If you’re still unsure, go to the company website directly and call the contact number to verify the request.

A second useful tip comes from IT Toolbox.

Many successful phishing attacks – namely spear-phishing attacks that target specific individuals in an organization – exploit Internet domains and the inherent trust that users place on domains. Say that your business domain name is x~y~z.com. It’s simple for a criminal hacker to register very similar-looking domain names such as x~y~z-tech.com or x~y~z.us, and then attack your users by sending phishing emails that look like they’re coming from someone legitimate inside your organization. The reality is, with today’s information overload and weary eyes, a lot of computer users aren’t going to notice small nuances in the originating domain name such as this. I think people are getting more savvy in looking for domain names ending in .cn or .ru and not clicking on those links. But it’s human nature (a weakness of our brains?) to overlook something that’s very similar such as a domain name that has a slightly different spelling.

The solution is obvious and simple. Just register all domain names that are similar to your domain name(s). Use your domain registrar to search for similar spellings, adding words or acronyms onto the correct spelling, as well as any top-level domains that you might have overlooked when your original domains were registered such as .info and.net. You will probably spend less than $200 doing so. Imagine if you could reduce your email phishing risks by a significant percentage by spending a mere drop in the bucket of your overall security budget!

Your antivirus and antimalware software can only do part of the work involved in protecting your data. It is up to each user to be vigilant about cyber attacks. If you think you need a more robust security package, contact the data security experts at Great Lakes Computer. We offer a wide range of services designed to keep your data safe and give you peace of mind. If you suspect you’ve been a victim of cyber attacks, it may be wise to utilize our cyber forensic services. We can search your system for intrusions and eliminate them.