PCMag SecurityWatch

Can you spot a phishing scam?

Views expressed in this cybersecurity and cybercrime update are those of the reporter and correspondents. Accessed on 19 October 2022, 0228 UTC. Content provided by email subscription to "PCMag SecurityWatch."

Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGqRGRrCmFlCgjmlwvszKCXDhpl


Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

Can You Spot a Phishing Scam? Take These Quizzes to Find Out
It's Cybersecurity Awareness Month, and each week I'm focusing on a theme from the See Yourself in Cyber campaign. Last week I asked you to stop changing your passwords so often, and this week it's time to talk about how to spot phishing attempts.

When I was a kid, my parents encouraged me to explore my neighborhood, socialize with other children, and go outside and run around. The few cautions I heard regularly were "be home before dark" and "pay attention to your surroundings." Those are excellent guidelines to follow at any age and in any context, so this week, I encourage SecurityWatch readers to heed the second bit of advice. Pay attention to your surroundings, even when you're online, to avoid being phished. If a message or website's content seems a little off or suspicious, don't click any links, don't open any attached files, and don't download any software.

According to Statista, the most common crime reported to the US Internet Crime Complaint Center in 2021 was phishing. Phishing lures are getting topical and sophisticated, too. Last year, cybersecurity researchers warned about the rise in phishing messages about COVID-19. In January, the FBI warned the public about hackers who are phishing victims using QR codes, and last October, criminals working for the Russian government tried to ensnare victims with phishing emails.

What Is Phishing?

Phishing is an attempt to steal victims' data or money using a deceptive lure in the form of an email, SMS, online ad, or fake website. For example, earlier this year, the FBI warned that cybercriminals are sending out SMS fraud alerts that look like they come from financial institutions. If a victim responds to one of the messages, the fraudsters spoof the bank's phone number, call the victim, impersonate the bank's fraud department, and encourage the victim to transfer all their money.

Common characteristics of phishing messages include: 

  • Claiming to be from someone you know and trust, such as a family member or your boss.

  • Impersonating a critical institution such as your bank, insurance company, or workplace.

  • Requesting your financial data or personal information.

  • Asking you to click links, download software, or open file attachments.

The traits above probably apply to many of the legitimate messages you receive, so how can you avoid being phished? Pay attention. If your browser alerts you about a potentially dangerous message, unsafe content, or a malicious website, heed the warning. Avoid clicking links, entering data, or downloading attachments from unknown or untrustworthy sources.

Adopt 4 Key Anti-Phishing Behaviors

To keep from getting phished, follow these tips:

  1. Never give away your data online. Avoid including usernames, passwords, government ID numbers, financial account information, birthdates, and other private information that could be used to impersonate you later in emails, phone calls, or text messages with people you don't know.  Don't give away your email address or phone number to a website if you have doubts about the site's legitimacy.

  2. Don't confirm your password right after clicking a link in a message. If you need to log in to a website or service after clicking a link you received in a message, open a fresh browser tab or window and directly type the URL you want to log into instead. Hackers can set up fraudulent websites and collect your login credentials with ease. 

  3. Take your time with urgent messages. Criminals often try to get victims to act quickly, so they don't have time to realize they're being duped. Be suspicious of anyone who asks you to respond to them or click on a link within a specific time period. Tax scams, for example, tend to have time limits attached to them. 

  4. If a message is too good to be true, ignore it. Dating scams, financial scams, and sweepstakes scams are all common. If you receive a note saying you've won a contest you never entered, and you just need to click a link to claim your prize, do not engage with the sender. Instead, report the message to your email service provider and go on with your day, knowing that you defeated yet another phishing attempt.

Quiz: Spot the Phishing Scam

Google's Jigsaw team developed a quiz to help everyone learn to spot phishing attempts. It shows visual examples of sophisticated phishing messages and asks users to determine whether they are being phished or not. You can practice hovering your mouse over links to see a real web address. You can also examine email headers and attachments to determine if a message is legitimate.

Enterprise software juggernaut Cisco created a phishing quiz for employees. The questions are part of a comprehensive phishing hub containing important information on why phishing works and how criminals plan their attacks.

Create a Cybersecurity Toolbox

The easiest way to thwart phishing is to use the greatest tool you have: your brain. According to a 2020 survey by Statista, employees said distraction was the number one reason they clicked on a phishing link. Use your brain and focus on your online surroundings to curb future phishing attacks.

Here are some other habits that can help you avoid phishing fallout:

  • Use a password manager. Check your accounts for old passwords that may be duplicates, easy to guess, or previously compromised by a data breach. Create new passwords for your accounts and store the credentials in your secure vault. Having a different password for each account means that if a hacker gets the login information for one of your accounts, they may not be able to impersonate you all around the web.

  • Enable multi-factor authentication for your accounts. Add another layer of security so that if one of your passwords is stolen, the attacker still needs another form of authentication to get into your accounts: something you have (such as a hardware token or cell phone) or something you are (such as your fingerprint).

  • Examine your browser's settings. If you use Google Chrome, consider turning on Safe Browsing at the level of protection you want under the Privacy and Security category in the Settings menu. Safe Browsing warns you about potentially malicious downloads, extensions, and websites. You also get alerts about leaked passwords, and Google scans files before you download them from the web if you choose to enable Enhanced protection while you browse. Firefox has a similar feature called Firefox Focus.


What Else Is Happening in the Security World This Week?

The Best Google Chrome Extensions for Online Safety and Security. Surfing the web can be a security nightmare, with various threats from ad trackers to malware. These Google Chrome extensions can help keep you safe and secure.

Police in Europe Arrest Car Theft Gang That Tried to Hack Thousands of Vehicles. According to Europol, the suspects targeted keyless vehicles from two French car manufacturers.

Cybersecurity Pros Warn of Danger Ahead With Russia, China, and Beyond. An event in D.C. featured both warnings of blowback from Russia and China and optimism about growing security awareness and resilience.

How to Protect Your Smart Home From Hackers. Smart homes offer convenience but also security risks. Here's what you can do to stop hackers from taking control of your smart speaker, thermostat, doorbell, and other connected devices.

Sorry Parents, Your Kids Think Your Online Habits Are Cringe. Both parents and children worry about online privacy and security, but they have varying views on what to do about it, according to a study from 1Password and Malwarebytes.



Do You Need to Buy an Antivirus App or a VPN Anymore?
Windows, macOS, Android, and iOS all include protection against malware. For some, protection takes the form of a full-on antivirus. For others, security is baked into the OS thoroughly enough that malware has a really hard time doing anything.
Depending on the operating system, adding security beyond what’s built in ranges from a good idea to an absolute necessity. In an article about evaluating your devices’ privacy and security needs, PCMag’s lead security analyst Neil J. Rubenking explains that if you’re worried the built-in security isn’t enough, you can improve your protection by installing a third-party antivirus.

You Tossed Your Cookies But They’re Still Tracking You; Here’s How to Hide Your Browser Fingerprint

FCC Expected to Ban Sales of New Huawei, ZTE Equipment in US

Proton VPN's New Stealth Feature Helps Fight Censorship in Iran and Russia

PCMag Reviews the Best VPN Services

8 Techie Gifts for the Security Expert in Your Life
