Twane Boettinger, Director of Information Security and IT Risk at FCT returns to discuss phishing, the most common and dangerous type of cyber attack facing both individuals and organizations today.
What is phishing?
Phishing is a type of social engineering—manipulating people into revealing confidential information—that works by tricking its target into interacting with a communication that looks legitimate.
It could seem like an email from your colleague, a call from the CRA or even a text. Whether it poses as good or bad news, a phishing attack always creates a sense of urgency to engage. And when you do, any information you give to the supposed sender goes to the criminal, who can then use it to for any number of harmful activities, including access to accounts with your credentials, if you unknowingly provide those details.
How can I recognize a phishing attack?
Watch out for these red flags in every communication you see:
- An inappropriate presentation: Most institutions who have your information will use your name and won’t begin communications with “Dear Sir” or “Hello Madam.” Watch out for unusual mediums, like a bank threatening to close an account via text message. Many phishing attacks also contain spelling and grammar errors, often deliberately.
- Unrealistic stakes: Does the communication threaten some consequence if you don’t answer, or offer some unexpected benefit? If you’re concerned by an apparent threat from an institution, reach out to them through normal channels to verify, never through that communication itself.
- Incorrect links: If an email makes you suspicious, compare the sender address to past communications from the same source you know were legitimate. Any differences in sender address, even a single character (“@mybank.com” vs (“@my-bank.com”) can mean it’s a fake. On a computer, you can hover your mouse over any hyperlinks to see where they go. Never click on any links unless you are completely confident in the email.
Don’t let a phishing attack’s false sense of urgency pressure you. If a communication makes you suspicious, delete it. If someone really needs to get ahold of you, they will find other, legitimate ways to do so.
®Registered Trademark of First American Financial Corporation.