There is nothing like waking up on a Sunday morning and getting ready for a lovely day of relaxation.
Time to re-charge the batteries, pour a cup of coffee, have a nice walk, enjoy the spring weather, spend some time with the family and play fetch with Toto.
Or watch the Gators get smoked in the NIT basketball tourney while enjoying a foot-long steak and cheese sub.
But wait, let’s check the phone for work, email, social media, calls, texts.
What in the world? My Twitter account is spewing out messages I did not write?
You just realized your account has been compromised. Ooof.
This is what happened to Florida Agriculture Commissioner Nikki Fried last weekend. Her account was taken over by a group called Skull Toons. By Monday, the account was restored, and she is back in business but not without a brand hit and a few jabs by her rivals and the whole fishing/phishing official release.
How does this happen? How can you prevent it from happening to you?
The official definition of phishing: an attempt by cybercriminals posing as legitimate institutions, usually via email, to obtain sensitive information from targeted individuals.
These types of attacks happen all the time.
The most common attacks are via emails or texts appearing to be from Netflix, American Express or the IRS. They all have an “ask” which is a phishing attempt and they vary from asking for your credit card info, birthday, banking account number, email or Twitter password.
Getting messages trying to get you to click by saying your account is past due, being turned off, late payment, or a (fake) refund?
The best rule of thumb in these scenarios is to take a deep breath, don’t panic, and do not click — just ignore the message. Hack avoided.
After you have reviewed the message (see what time it was sent, does it reference the last 4 digits of your account number, hover over the email address to see who it is really from, usually something will be off about a phishing email — you just have to look for it) go to a separate screen and call your bank or Netflix and check your account status if you are really concerned.
Even better, have two-factor authentication enabled on your accounts. That way if someone other than you attempt to log into your account, you get a message to verify the login so you can decline the fraudulent activity.
A sample phishing text is below; I got it today while writing this.
If I click on it, it will likely ask for a credit card number. This approach always baffles me as your credit card company already knows your credit card number. Why would you give it to them?
Sometimes a little common sense will stop hacks right in their tracks, even if you fall for the first part (clicking). Phishing is not always done digitally either. Calls from the “tech department” or “Microsoft” asking for information are hackers trying to catch you (or, more importantly, your intern or other gullible staffers — as they can cause a nice headache for you if they are not trained).
Here is a free crash course training on all these attacks from my office:
Next, keep your devices updated; in most cases, you can set them to auto-update. Also, have a rock-solid spam filter, firewall, and other cyber-defense tools.
You can also add a Phish Alert Button to your Outlook bar, a cool way to empower staff to be on the look-out for phishing emails. Click the button and the email gets filed away as spam for your IT team to deal with.
Last (and most importantly), keep your passwords different for your key accounts (like Twitter) and keep them complex. If you are using an old password and it is the same on all your accounts, there is a good chance that password is for sale on the dark web. Hackers will not even have to phish you; they will just take over that account with the login credentials.
Hacking, phishing, fraud, etc. will continue and the criminals behind these acts will keep phishing until there are no more fish in the sea. This means you, elected officials, state workers, lawyers, cobblers, dentists … anyone with a computer.
Be safe out there; don’t become the catch of the day.
___
Blake Dowling is CEO of Aegis Business Technologies, the author of the book Professionally Distanced, host of the Biz & Tech podcast, and can be reached at [email protected]