Phishing, we’ve heard of it, but what does it mean? In summary, it is a tool and method attackers use to try and coerce people into clicking on a malicious site or download, potentially leading to a security issue.
Phishing is a very popular and effective way to try to steal data, lock data, delete data, gain access, or take over a computer. Phishing usually comes through email but can come via text message or other collaboration apps like Slack, Skype, or GroupMe.
Here are some signs of a phishing attempt. While the diagram below is email-based, the same principles can be applied to the other communication methods mentioned above:
Phishing is usually obvious, and the above signs show prominently. However, some phishing attempts are tricky and it’s hard to spot a legitimate message from an illegitimate one. For example, amid the current crisis, many phishing attempts are using COVID-19 as their hook. Also, we’ll all recall, shortly after GDPR was passed there was a flurry of companies sending out updates to their privacy policy and emailing people about it. Well, attackers took advantage of this world-wide explosion of privacy policy updates and tricked many into clicking the links to “view or accept the new privacy policy”.
As you’ll see in this security awareness video, ransomware is an especially dangerous consequence of falling for a phishing attempt. Ransomware is software that locks down data by encrypting it and won’t be unlocked through decryption until a ransom is paid.
To protect yourself from ransomware:
- First, be wary of suspicious emails and look for the signs.
- Second, make sure your antivirus software is up to date and running. It’ll help stop the ransomware in its tracks.
- Third, if ransomware is installed, then if you’ve backed up your data, you can ignore the threat and restore the data. Unfortunately, in many cases and especially for large enterprises, the cost of the ransom is significantly less than the cost to restore the data, even if it’s backed up. Therefore, the first and second layers of protection are critical.
Stay up-to-date on the latest scams at K-State by visiting the Scams blog. Report any suspicious emails to abuse@k-state.edu.