Phishing messages are a form of social engineering, often delivered through digital channels such as e-mail, but also via text messages, private chat conversations, and the like. According to a report by Phishlab, the number of phishing messages in 2019 increased by 40% compared to 2018, with an additional 21% increase in the second half of 2019 alone.
In addition to the rising frequency of these attacks, we need to be aware of their increased sophistication and precision in targeting. In recent years, a growing number of small and medium-sized companies have become targets of this type of cyber-attack. This trend is likely to continue for the foreseeable future, but what can end users do to protect themselves in a timely manner? Here are some quick steps you can take to begin the process of preparation for mitigation, with almost no financial investment.
Follow the rule - if it looks too good to be true, it's probably a scam.
Tempting offers of an intercontinental plane ticket for only 1 euro, or exclusive zero-interest installments for your favorite car, seem too good to be true. Which is usually the case. Of course, large companies often organize various competitions and giveaways - however, make sure that it was the organizer who sent you the message, and that it is not an attempt to extract information from you. How to do this - very easily: first, think about whether you knowingly participated in a competition from that company. Then, visit the website of the alleged organizer that wants to give you a prize, and carefully read the rules of the competition - very often, they describe in detail the ways in which the organizers communicate with the winners. Finally, if you are able to do so, try to get in direct contact with the organizer - even if you are not a prize winner, they will be grateful that you have reported this incident to them, and they will be able to take appropriate steps.
Think before you act.
Very often phishing attacks rely on the time factor, i.e. the urgency of receiving a response from the potential victim. Messages (email, SMS, etc.) often contain an element of quick response - "Click now!", "You have 1 hour to reply to this message", "otherwise your account will be closed!", etc. Because of this, many people react very quickly to these phishing messages, and the attacker's goal is achieved. If you notice that an email or text message asks you to act surprisingly urgently, and especially if it contains some kind of consequence or threat if you do not react quickly - stop and think. Is this type of communication regularly sent by your bank, school, or workplace? Check the phone number or address where the message allegedly came from - do you know this person, and could you contact him or her in any other way? If you can contact them by phone or through mutual friends, do so before responding to the request.
Verify whenever you can.
For hackers, it is always the easiest tactic to try to extort information from you by posing as one of the well-known big companies - Facebook, Google, Microsoft, etc. Very often, the victim falls into the illusion that, once contacted by representatives of such a large corporation, the call or message is surely legitimate. How can we verify these claims, even when they seem to come from renowned institutions or companies? Fortunately, companies themselves, such as banks, understand the need for information security for their customers - they often offer various solutions to verify the reliability of customer requests. Bank employees, in most cases, will help you easily and safely make sure that you are really talking to an employee of that institution. However, there are situations where companies do not have such policies, or where it is very difficult to do the check at that moment due to a number of other factors. In this case, it is always safer to ask for an extension - if you cannot verify the request even by phone, sometimes it is okay to physically contact the company or organization where the request comes from. In any case, identity verification is one of the most powerful tools at your disposal, and you should not dismiss it so easily.
Have clear policies for recognizing, responding to, and reporting incidents.
Scammers who use phishing messages are constantly working to perfect their attacks. It is sometimes very difficult to keep up with the latest and greatest tools they use, and of course we can never assume that we are 100% safe from cyber-attacks, including this type of social engineering. However, having clear policies in our organization, company, and even within our home and family will help reduce the potential harm in the event of such an incident. Each security plan contains several points, and there are various security plans suitable for various business institutions, or for private use. Find the one that best suits your needs, and start with honest conversations - how willing are you to invest in employee skills, do you have enough financial resources to physically protect all access points in your network, and, finally, do you have the expertise to follow performance metrics for your security plan? It is always better to seek the help of experts when introducing new security policies to your institution or company, which will also help identify weaknesses that could lead to a cyber-attack. It is up to you to choose how to "patch" them.
Keep up to date with the world of cybersecurity.
It may sound like a cliché, but we can never be prepared enough, especially when it comes to the world of cybersecurity. However, following the latest trends in the reporting of incidents and breaches by large companies and organizations will help you prepare for the next step and the next type of attack. Although phishing attacks, especially targeted phishing, are predicted to remain one of the leading causes of cybercrime, regularly staying informed and seeking appropriate protection solutions through the community of security experts could prove invaluable to your organization or company. Additionally, the wider education of all our friends, relatives, employees, and colleagues, but also of the youngest, students, about the basic ways in which such attacks occur, the most common signs through which we can recognize them, and how to react appropriately will help foster a culture of digital literacy in all of us, and the resilience to these types of attacks will improve dramatically. Typically, cybersecurity and security experts are ready to assist you with helpful tips and software recommendations, and to point out potential problem areas that could easily be the target of hacker attacks. Only through a realistic assessment of our weaknesses will we be able to apply appropriate safeguards and protocols to help us stay safe.