October 05, 2020
Current Threats and Vulnerabilities
By Tahnee Puckett M.S., Cybersecurity, security director of SecureCom Wireless®
For the past 13 years, Verizon has published an annual Data Breach Investigations Report. This report is composed of data received from 81 organizations including cybersecurity companies, law enforcement agencies, ISACs, CERTs, consulting firms and government agencies. In the summary of findings, it states that attackers are becoming increasingly efficient and are leaning more toward phishing and credential theft.
In very simple terms, phishing is a method of trying to gather personal information using deceptive emails and websites. The deceptive emails can come in many forms and look legitimate. They may mimic the Corporate IT Helpdesk, claiming that your password has been compromised and to reset your password, you should click on a link provided in the email. That link may take you to a page that looks like a legitimate Office 365 or Google login page where you would enter your information. Please be aware: This page is where the attacker captures your credentials and stores for future use, i.e. credential theft.
The DMP IT Department has deployed a spam filter, but the quantity and quality of threats continue to advance. Phishing attacks will continue to evolve and become more sophisticated in order to make it more difficult for a spam filter to recognize, even with regular updates. Therefore, please be vigilant about the emails you receive and reply to.
Here are a few tips to consider to help you identify phishing emails:
- If you’re being asked to change your username and password, be apprehensive.
- Look CLOSELY at the sender’s email for misspelled words. For example: email@example.com.
- Never click on links in an email.
- Phishing emails use emotional tactics to get us to bypass logic and click the link — be extra cautious.
- Are you being asked to confirm any type of account or update any personal details?
- Look for grammar errors in the email.
- Is the logo fuzzy (low-resolution)?
And, as always, treat your login credentials (user ID and password) like keys to the kingdom — that’s what they are to an attacker! If you have any questions, please don’t hesitate to reach out to me at TPuckett@DMP.com.