Phishing attacks have come a long way from the generic spam emails filled with glaring red flags. Today, cybercriminals employ sophisticated techniques that exploit human vulnerability and advanced technology to deceive even the most cautious individuals. As we approach this election season, the threats will be more prolific and more clever. I myself have come very close to falling for more than one attempt to get me to click a dangerous link or fill out a form with personal information. The implications of falling for such a scam can be severe. Your accounts and information can be hacked, or your system locked until you pay a “ransomware” demand.
The Hacker News recently reported that a group of Russian hackers created over 4,300 fake travel sites to steal payment information from hotel clients. In particular, attackers meticulously craft emails that appear to be from reputable sources such as Airbnb and Expedia. These emails often replicate the design and language used by the genuine entity, making it even harder to distinguish between real and fake communications. These malfeasants sometimes target specific individuals or organizations, often through personalization and the use of publicly available information. In typical fashion, the cybercriminals gathered intelligence on their targets and tailored their phishing attempts to appear genuine and trustworthy.
Here are a few precautions to consider:
Purchase Travel from a Known Travel Advisor: Booking online means you are on your own. Travel advisors spend every day with their ear to the ground, finding solid, reputable organizations with which to book. The big online travel agencies are short on service, particularly when a problem arises, such as a cancellation of your flight. You will save time and receive a better product with a travel advisor with whom you have a relationship.
Education and Awareness: Stay informed about the latest phishing trends, techniques, and notable scams. Regularly educate yourself and your team members to recognize common warning signs and red flags. As hard as it may be to say and act upon, be suspicious of every email you receive from unknown sources and even those you recognize. Recently, I received a phishing attack from an entity posing as “Best Buy,” where I had just purchased a computer. A new rash of attacks poses as popular retail outlets promising a “prize” or a “gift card.”
Verify the Source: Always verify the legitimacy of an email, website, or phone call before taking any action. Contact the organization independently through official channels to confirm the request’s authenticity.
Be Wary of Urgent Requests: Phishers often create a sense of urgency to make you act without thinking. Take a step back when receiving urgent messages and verify their legitimacy, even if they claim to be time-sensitive.
Avoid Clicking Suspicious Links: Hover over links in emails to preview the URL without actually clicking on them. Be cautious of shortened links, misspellings, or unusual domain extensions. When in doubt, search for the website independently instead of clicking the provided link.
Strengthen Passwords and Enable Two-Factor Authentication: Use strong, unique passwords for each online account and avoid using personal information. Enable two-factor authentication whenever available to add an extra layer of security.
Keep Software Updated: Regularly update your operating system, antivirus software, and web browsers to ensure you have the latest security patches and protection against known vulnerabilities.
The criminal mindset always seeks to gain your confidence. Be careful out there.

