The internet has opened up all kinds of possibilities that have never existed before. It makes communication easier, simplifies gathering, storing and making sense of data, sharing and collaborating on files, and the list goes on and on and on. But it also opens up your data to a whole new set of security risks. Like a home without a door lock, anyone can walk in at any time and take whatever they want, so it can be on the internet. Without proper online security precautions, doors or windows can be left open, waiting for someone to walk by and take whatever they want.
Do I need security?
There’s lots we can do to prevent this! But why bother? Isn’t a password with an “!”, a number and 8 letters enough? That’s a good start, but there are many ways cyber criminals try to get through this. “But we’re just a small organization. No one will care about trying to hack us.” First, lets deal with the biggest risk on the internet, phishing.
Phishing
What is phishing?
Like fishing, phishing is trying to bait you into giving criminals valuable information about yourself. Often what’s most valuable is your login credentials or credit card details. Usually it involves send you an email or text message that looks legit and includes links to a webpage that looks like real deal, but isn’t. They want you to login to their fake website or enter your credit card info and then they store the information you type in so they can use it themselves..
Here’s some stats:
- Phishing is the most common form of cyber crime, with an estimated 3.4 billion spam emails sent every day.
- The use of stolen credentials is the most common cause of data breaches.
- Millennials and Gen-Z internet users are most likely to fall victim to phishing attacks.
- 83% of UK businesses that suffered a cyber attack in 2022 reported the attack type as phishing.
Stats taken from the AAG website
What can i do?
watch for these red flags
- Unexpected emails, period.
- Unpaid invoices for invoices you think you’ve paid
- Suspicious login email. Some emails will claim a suspicious login to your account. This is standard practice for companies to send you an email when you login from a new location, even if it’s across the street. But it’s still worth it to be suspicious of these emails
- Strange asks from people you know. Some phishing emails claim they’re from someone you know. These can be the easiest to fall for especially if you trust them.
- Strange looking email addresses or phone numbers
- Strange links. By this, I mean, not what the email says the link is, but what shows up when you hover over the link. For example, it could say “https://google.com”, but when you hover over it, it might say “http://imphishingyou.com.” It would be nice it actually said that. Anything other than what it says could be grounds for suspicion.
avoid clicking links
If in doubt at all, don’t click links from the email or text message. Instead go to the website through your normal means. Click on your bookmark or type the URL in directly or search for the login page through a search engine.
Do your research
If the email claims you have an unpaid invoice, go to your bank account and check if the invoice money came out of your account. If it’s a suspicious login, login to your account, go to the security part of your settings and view your login history. The point is, if the email claims anything, double check that it’s true before taking any action.
Report as Spam
Finally, all email systems and many phones have the ability to report as spam. Do that. It makes sure you don’t get these emails again and saves others from getting these emails because it’s guaranteed you’re not the only one. Then delete and ignore.
We’ve all got phishing emails. Some of us have learnt the hard way just how deceptive these emails can be. I’ve heard of many close calls and I’ve saved a handful of people from falling for this trap.
