Today’s cyber attackers are far more sophisticated. They now research their intended victims to create a more customized attack. Instead of sending a generic phishing email that appears to come from a corporation to five million people, they may send it to just five people and tailor the attack to appear to be sent from someone we know. Cyber attackers do this by:
- Researching our LinkedIn profiles and what we post on social media, or using information that is publicly available or found on the Dark Web
- Crafting messages that appear to come from management, coworkers, or vendors you know and work with
- Learning what your hobbies are and sending a message to you pretending to be someone who shares a mutual interest
- Determining you have been to a recent conference or just returned from a trip and then crafting an email referencing your travels
Cyber attackers are also actively using other methods to send the same messages, such as texting you or even calling you directly by phone.
How to Detect These More Advanced Phishing Attacks
Because cyber attackers are taking their time and researching their intended victims, it can be more difficult to spot these attacks. The good news is you can still spot them if you know what you are looking for. Ask yourself the following questions before taking action on a suspicious message:
- Does the message create a heightened sense of urgency? Are you being pressured to bypass your organization’s security policies? Are you being rushed into making a mistake? The greater the pressure or sense of urgency, the more likely this is an attack.
- Does the email or message make sense? Would the CEO of your company urgently text you asking for help? Does your supervisor really need you to rush out and buy gift cards? Why would your bank or credit card company be asking for personal information they should already have about you? If the message seems odd or out of place, it may be an attack.
- Are you receiving a work-related email from a trusted coworker or perhaps your supervisor, but the email is using a personal email address such as @gmail.com?
- Did you receive an email or message from someone you know, but the wording, tone of voice or signature in the message is wrong and unusual?
If a message seems odd or suspicious, it may be an attack. If you want to confirm whether an email or message is legitimate, one option is to call the individual or organization that sent you the message, using a trusted phone number.
You are by far the best defense. Use common sense.
Guest Editor Phil Hoffman is a semi-retired IT consultant with 40 years of experience, focusing on infrastructure and security. He's a long-term contributor and editor for OUCH!, and is passionate about technology, bicycling and photography.
The views, information, or opinions expressed in this article are solely those of the author and do not necessarily represent the views of Citizens State Bank and its affiliates, and Citizens State Bank is not responsible for and does not verify the accuracy of any information contained in this article or items hyperlinked within. This is for informational purposes and is in no way intended to provide legal advice.