The Internet is an incredibly powerful tool for accessing information and communicating with others. Unfortunately, it is increasingly used by nefarious actors to attack regular users. There are many different styles of cyber attacks, but in the end, almost all of them are intended to generate money for the attacker at your personal or workplace's expense.
What is Phishing?
One of the most common and effective methods these attackers use to try and get access to your computers, accounts, or information is through a strategy called Phishing.
Phishing is a term that covers many different styles of attacks. Most commonly, it is when someone tries to trick you into doing what they want by pretending to be someone or something you trust. This can take the form of an email, text, or even phone call appearing to be from a friend or familiar company.
The CRCNA denominational office has seen a recent increase in phishing messages coming from compromised accounts of people from local CRC churches, former staff, or others connected to the CRC. Some churches have reached out and asked for advice on protecting themselves from these attacks—a request our IT team was more than willing and ready to meet by sharing their expertise.
How an Attack Works
Phishing messages usually come via an email from someone you know and might ask you to review a document or invite you to an event. The messages often have a link to click on, which may bring you to a legitimate-looking website. This website may then try to get you to enter your email address and password by mimicking your usual login screen, or it may download malicious software to your computer.
Once an attacker has your credentials, they can use your account to spread more phishing messages to all your contacts. The goal is to get access to as many accounts as possible to sell that access on the dark web or install ransomware (where they hold your data hostage until you pay them).
Tips to Protect Yourself
Our IT team recommends the following habits to stay secure:
- Verify Before You Click: Hover your mouse over any links before clicking them; you’ll see the actual destination displayed at the bottom of your browser. If it looks strange, don't click it.
- Check the Address Bar: Ensure the login screen is actually the website you expect. Watch out for subtle misspellings like mail.g00gle.com or mail.google.fakesite.com.
- Be Skeptical of Urgency: Be wary of unexpected emails that use a sense of urgency to pressure you into acting quickly.
- Use a Second Path for Verification: If a message seems off, contact the sender via a different method (like a known phone number). Do not reply to the suspicious email or call numbers listed within it.
- Beware of "Human Verification" Scams: Don’t follow instructions to “verify you’re human” that involve keyboard commands like CTRL+R or CTRL+V. These are tricks to give attackers access to your system.
- Ignore Fake Virus Pop-ups: Be suspicious of pop-ups claiming your computer is infected. These are almost always ads trying to trick you into calling a scammer or installing actual malware.
- Big Tech Won't Call You: Microsoft, Google, and other major companies will not call or email you out of the blue to tell you your computer is infected.
How Can You Stay Safe Long-Term?
Periodic training is a great idea for everyone. It is essential to keep up with the latest types of attacks to stay one step ahead.
A great free resource is Cyber101, which offers short videos on phishing, password security, and Multi-factor Authentication. Additionally, the SANS OUCH! Newsletter is a monthly resource that discusses new threats in plain language.
By staying informed, you can help stop the spread of an attack rather than becoming a victim of it.
Let's Discuss
We love your comments! Thank you for helping us uphold the Community Guidelines to make this an encouraging and respectful community for everyone.