Stop That Phish!
July 20, 2018
By John Tooley
As Cast & Crew continues to deliver digital solutions to the entertainment industry, we understand the importance of ensuring all sensitive and entrusted information is kept safe and secure at all times. It’s unfortunate that criminal hackers continue to target the unsuspecting. In fact, according to a recent FBI report, $676 million was lost last year due to company executives or finance departments being tricked into sending money to phony vendor accounts.
Companies continue to see a significant uptick in the activity of cyber attackers who use familiar business practices and platforms, such as Dropbox and WeTransfer, to lure users into clicking links, downloading suspicious files and entering user credentials. One of the reasons these attacks are so successful is their simplicity. We often get hundreds of emails a day and are constantly opening and clicking on links and attachments. But we are the first line of defense against cyber criminals, and staying informed is our best weapon. Read below for some helpful tips to protect you and your company against an unwanted scam.
What Is Phishing?
Phishing is a form of cyber attack that uses an email or a messaging service to prompt recipients to click on a malicious link, share their password or open a threatening email attachment. Messages sent from cyber attackers are purposefully designed to come across as real, tap into emotional triggers and demand an urgent response. As cyber attackers continue to send more and more messages, they know the likelihood of a recipient opening and clicking on a link is increasing. Typically, content is framed to look like it is coming from a familiar person or organization you’re in contact with frequently. These types of framed emails may even contain recognized email signatures, logos and language – making the message appear more legitimate.
Unfortunately, anyone can be a victim of a malicious email … which is why everyone should be equipped with the right resources and knowledge to protect themselves from a phishing scam.
If you happen to accidentally open or read a malicious email … don’t worry! In almost all cases, opening and reading an email or message is fine. However, clicking on content within a message or email is what puts secure information at risk. A successful phishing attack results in an action, for example downloading a file to your computer. Even if you have not clicked on content within a message, forwarding a malicious email to a colleague could prompt them to take an unsafe action. Fortunately, there are clues that indicate when a message is an attack.
Here are the most common ones:
- The message demands “immediate action” before consequences such as account closure or criminal charges take effect. The attacker wants to rush you into making a mistake by triggering your emotions.
- The message pressures you to bypass or ignore company policies or procedures.
- The message evokes a strong sense of curiosity or offers something that is too good to be true (no, you did not win the lottery).
- The message includes a generic salutation like “Dear Customer.” Most companies, colleagues and friends contacting you know your name.
- The message requests highly sensitive information such as a credit card number, password or any other information that a legitimate sender would not ask for or should already know.
- The message appears to come from an official organization but contains poor grammar or spelling, or uses a personal email address like @gmail.com.
- The message comes from an official email address (such as your boss’s) but has a Reply-To address going to someone’s personal email account.
- The message comes from someone you know, but the tone or wording does not sound like him or her. If you are suspicious, call the sender to verify they sent it. It is easy for a cyber attacker to create a message that appears to be from a friend or coworker.
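Several of the clues above can be checked automatically before a person ever reads the message. The following is an added example, not part of the original article: a small Python triage function that looks for the Reply-To mismatch, personal mail domain, urgency, generic salutation and sensitive-data clues. The word lists, the clue names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed, illustrative lists; tune them for your own mail flow.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URGENCY = re.compile(r"\b(immediate(ly)?|urgent|account (will be )?clos)", re.I)
GENERIC_GREETING = re.compile(r"^\s*dear (customer|user|client|member)\b", re.I | re.M)
SENSITIVE = re.compile(r"\b(password|credit card|card number)\b", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    address = parseaddr(header_value or "")[1]
    _, sep, domain = address.rpartition("@")
    return domain.lower() if sep else ""

def phishing_clues(raw_message):
    """Return the names of the clues from the list above found in one message."""
    msg = message_from_string(raw_message)
    body = "" if msg.is_multipart() else msg.get_payload()
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    clues = []
    if reply_to and reply_to != sender:          # replies go somewhere else
        clues.append("reply-to-mismatch")
    if sender in FREE_MAIL or reply_to in FREE_MAIL:
        clues.append("personal-mail-domain")
    if URGENCY.search(msg["Subject"] or "") or URGENCY.search(body):
        clues.append("urgency")
    if GENERIC_GREETING.search(body):
        clues.append("generic-salutation")
    if SENSITIVE.search(body):
        clues.append("asks-for-sensitive-data")
    return clues

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Pat Example, CFO" <pat@example.com>
Reply-To: pat.example.cfo@gmail.com
Subject: URGENT: payment needed today

Dear Customer,
Immediate action is required or your account will be closed.
Reply with your password and credit card number to confirm.
"""

if __name__ == "__main__":
    print(phishing_clues(SAMPLE))
```

Clues that depend on tone or on knowing the sender, such as the last item in the list, still need a person to judge them.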
Ultimately, common sense is your best defense. If an email or message seems odd, suspicious or too good to be true, it may be a phishing attack, and you should contact your company’s IT or security desk immediately.
Everyone holds the power to protect, or to harm, the security of our sensitive data and critical systems.
I chose to protect. Will you join me?
John Tooley is the VP, Senior Security Information Officer at Cast & Crew, where he designs and builds optimized security, risk and compliance programs. John has nearly 20 years of experience in the entertainment information technology security sector.