1. WHAT IS “PHISHING”?
“Phishing” is a type of cyberattack that seeks to mislead computer users into giving out sensitive information to malicious individuals or downloading malware onto their computers. Phishing takes numerous forms. (1) Phishing emails, (2) phishing websites, (2) phishing texts, and (3) phishing social media messages pour in upon users every day. These attacks can be highly sophisticated and seek to steal your personal information or turn your computer into a stepping stone that can be leveraged to attack other devices.
2. AN EXAMPLE OF PHISHING
As an example of computers being used as stepping stones for cyberattacks, the Solorigate breach resulted in the compromise of hundreds of corporations, as well as multiple government agencies and the Windows operating system (OS) source code. This Solorigate breach was claimed to have originated from Russian government sponsored hackers, and it demonstrates how extensive a single state-sponsored cyberattack can be. Allegedly, these attackers originally breached the SolarWinds software through a phishing attack, thereby demonstrating how hackers can quickly breach a single piece of software or computer through phishing and then spread their attacks to other organizations and government agencies.
There are some specific steps that we can take to protect ourselves from phishing attacks.
1. BE VIGILANT ONLINE
Cybercrime is rampant. Always be on guard when using the Internet or your smartphone; if anything on the web seems to be suspicious, use extreme caution when browsing that site or downloading that file. Carefully inspect websites before you enter any personal information into them.
Never click on a link in an email or text – always copy and paste those links from your email/text messenger into your browser and take a moment to inspect them before pressing the go button.
2. VERIFY, THEN TRUST
Always be suspicious of any unsolicited message you receive from a digitally-based entity. This includes phone calls, text messages, emails, and computer notifications.
3. USE SOFTWARE TO PROTECT YOURSELF FROM PHISHING ATTACKS
Such software includes the following:
• Secure browsers (like Brave Browser)
• Strong antivirus software (like Avast Security or Bitdefender)
• Ad Blockers (like uBlock Origin)
4. GUARD PERSONAL INFORMATION
(a) Minimize the amount of personal information you enter into any website or app; this includes any password or passcode. Do not enter information if you are not required to do so. It is not illegal to not enter your real name when signing up for things like Gmail.
(b) Do not reuse the same password for all of your applications; if you have trouble keeping track of your passwords, use a password manager like KeePass, LastPass, or Dashlane.