Phishing, Spoofing, and Whaling: Tips for Staying Safe

Phishing is a term that refers to attempts to obtain identifiable information of an individual by cybercriminals in an attempt to impersonate someone else via social engineering.

The word is a neologism created from the word fishing, because of the similarity between the two techniques – both use bait to catch a victim. This is a very serious cyber threat. According to estimations from 2017, phishing was costing American companies a whopping half a billion dollars each year.

It is usually carried out by forgery of electronic communication of mail or messages, directing the user to a state similar to the original and prompting them to fill in fields with data such as user names, access keys, or bank details. 

This process is also known by the term spoofing. These attempts pretend to originate from social portals, banking institutions, or system administrators and may contain links to websites infected by threats. In addition, it can be used to install malicious software on the victim’s system and can be used as a platform for other types of attacks, such as advanced persistent threats.

Another strategy often used is called whaling, which references whale phishing, as in the act of catching big fish. It involves searching for data and information regarding individuals with high ranks or positions, or even personalities of relevance. In this case, the attacks are usually disguised as court notices, customer complaints, or other business-related issues.

Overall, phishing is embedded in social engineering techniques used to deceive a user and exploit vulnerabilities in the current security of the Internet. Attempts to tackle the problem include the creation of legislation, education and public awareness, and the implementation of improvements in safety techniques to mitigate cybersecurity risks. However, there are other things you can do to protect yourself. 

Do not click the links

The rule of thumb is to simply not click on links in emails or messages – or, at least, verify those links before clicking them. And this is valid for all emails you receive from unknown sources, even when you receive an urgent reminder that “your password has been compromised” or that “the account is about to be disabled”.

In the vast majority of cases, these messages are false and, when you click on the link, you are prompted to log in or enter some account data, such as banking information. But keep in mind that bank sites are not always used, as there are phishing attacks for Gmail, Facebook, Amazon, Apple, or other high-profile services that have credit card details.

Read the message and find the signs

It is true that an occasional grammatical or spelling mistakes can appear in any email, but fraudulent messages are usually poorly written and with grammatical errors that denounce amateurism. It is easy to find strangely constructed sentences, such as improper use of language, a temporal error, and more.

In addition, always check the From email address, as it will almost always give the attack away. For example, quite often the email subject and content claim to be from Google, but the email address clearly is not.

Adopt security measures for all your accounts

When it comes to cybersecurity, the goal is to prevent all breaches, but sometimes accidents happen. In a situation like this, a very good workaround is to have additional security features whenever possible to further protect an account.

A very good example of this is Multi-Factor Authentication (MFA), which can be a life-saver. For example, imagine you have MFA active and running on your Facebook account, and for one reason or another, you fall victim to a phishing attack and reveal your Facebook account’s credentials (email and password) to the cybercriminals.

Because you have MFA on, and despite having clear access to your account’s credentials, they will not be able to successfully log in to the account, leaving you with enough time and space to login and change your credentials.

Do not believe in awards…

Emails that say you have won a prize and ask to click on a link and enter your personal data are almost surely a variant of the phishing attack. Not that winning prizes is unlikely but, when it happens out of the blue, suspicions should be raised.

…nor try to help needy friends

There are many phishing strategies that appeal to everyone’s soft side. The ‘stranded traveler’ is a popular and pernicious example in which victims are sent a message from a (supposed) friend or loved one, stating that he or she is stuck abroad without money (or was stolen, or some other disaster struck) and desperately needs you to send money to an emergency fund.

As you might expect, this money would disappear forever the moment you pressed the submit button. Again, the way to authenticate the situation is to directly contact the person who allegedly sent the message.

Conclusion

Most phishing strategies have common themes, so it is useful to review them. Put simply, do not click on links, do not provide account details, or send money unless you know for sure the messages are real and are from whom they claim. Also, banks will hardly ever request personal or account-related details over email. If you keep an eye out for these red flags, you stand a much better chance at preventing a phishing attack.  If you host your data on the cloud, it is always the best idea to make sure all best practices are in place and your VPS is secure.

Learn More About Atlantic.net

2020 Cloud Rush – Why So Many Small Businesses Are Adopting Cloud

My Post (20).pngThe impact of the pandemic has led to a dramatic rise in the number of small businesses adopting cloud technology. With nine out of ten companies now making use of cloud IT and 60 per cent of workloads being run in the cloud, it has become the go-to option for forward-thinking firms. By providing them with the same technologies used by larger rivals, but without the need for capital investment, the cloud delivers an affordable way to innovate, automate and become more agile. Here are just some of the ways small businesses are benefitting from cloud adoption.

Awesome power at low-cost

In the age of digital transformation, companies need hi-tech solutions to help them compete. While technologies such as data analytics, AI, machine learning, IoT and automation are widely used, a lack of financial resources has left many smaller businesses out of the loop. However, by migrating to the cloud, companies can have access to the necessary infrastructure without having to invest heavily in setting up an on-site datacentre. All the hardware is provided by the service provider and paid for on a pay-as-you-go basis.

Furthermore, the cloud offers the ideal set-up for fast and easy expansion, enabling companies to scale up or down their IT resources on-demand, helping them to increase capacity in line with growth and cope with spikes in demand in a convenient way. Expansion that would take considerable expenditure and days of work to set up in-house, can be had cost-effectively at the click of a button.

New normal adaptation

The pandemic has led many companies to reassess the way they operate, especially with regard to their working practices. Across the globe, swathes of employees are finding themselves able to ditch the commute and work more flexibly from home as executives seek to downsize offices.

Cloud technology is a key enabler of remote working, giving employees the ability to access the company’s IT resources anywhere with an internet connection. Firms can also make use of software as a service (SaaS) packages, providing them with a multitude of business applications, such as Microsoft 365, with which to carry out their work.

These technologies enable employers to offer flexible hours, recruit staff from further afield and reduce office occupancy. What’s more, they can also monitor staff productivity and task progress, as well as tracking inventory and shipping.

Better collaboration

Over the course of the lockdown, the leading software companies have gone all out to improve the collaborative cloud-based applications that teams rely on. Existing apps have been enhanced and new ones created to provide far better video chat, messaging and document sharing platforms. Features such as group editing, instant syncing and project management, together with improved security, enable remote working teams to be assembled and collaborate on a wide range of initiatives.

Transformative technology in your hands  

The cloud is the ideal place to benefit from today’s must-have technologies, like artificial intelligence, data analytics and the Internet of Things. Indeed, many of these are cloud-native, with applications that can be deployed at the click of a button in a cloud environment. What’s more, a lot of these cloud-based apps are open-source, meaning that they are free to use.

This means small businesses can take advantage of the cloud immediately, accelerating their ability to benefit from data-driven insights. As a result, they can reduce costs, improve operations and discover new opportunities much quicker than before.

Solid security

While security is a concern for every business, small firms have an additional issue when it comes to providing the in-house security expertise and resources to keep their systems protected. Migration to the cloud removes many of these headaches as the service provider will undertake a great deal of this work on their customers’ behalf.

Cloud providers have to comply with stringent regulations to ensure their infrastructure is robustly secure. By migrating to the cloud, small businesses will be automatically protected by a wide range of sophisticated security tools, such as next-gen firewalls, intrusion prevention apps and malware scanners – all of which are managed and maintained by security experts. – Read more

Learn More About eUKhost