Cyber security - Phishing 101

ALMOST on a daily basis, there is an article in the news about a company being the victim of a hack. Whether this is Ransomware, Credit Card Theft, Whaling Attack or a Data Breach - the stories seem to be endless.

More often than not, the victims are targeted as they do not have the correct measures in place to prevent it. That's not to say that they require the latest and greatest products in Security. However, having something in place is better than nothing. After all, most cyber criminals tend to attack the easiest targets. This image sums it up nicely for me -

In essence, the idea is that you don't have to be the most secure, just don't be the least secure. That being said, you really shouldn't stick to the practice of simply doing the minimum to get by - you should look at security within your organisation, and at home, as a top priority. You've probably heard the notion that you cannot be 100% secure online, and that certainly is the case, but always do your best to be as secure as you can be. If you can make it to 70%, then great. After all, you wouldn't leave your front door open, so why make it that easy on your computer?

Being secure online is not only about having the strongest passwords and correct backups, it's also about being cautious of sites you visit and links you follow. Fake links and websites are all over the internet, known as 'Phishing', and a lot of them are very hard to spot. Take a look at the image below and see if you can identify if it is real or fake -

Hopefully you figured out that this one is fake. A simple thing to look at immediately for every website you visit is the URL itself. This website may look identical to authentic site in every way, but the URL isn't something that can't be replicated. If you look closely, you'll see that the word 'member' within the URL has been misspelled. These errors can be quite subtle, and several people may not notice it.

With this in mind, you'll be able to spot what is wrong with the next website -

Absolutely - the URL here is completely different = fake. If you find yourself stumbling upon a site that you suspect may be fake, the best thing to do is simply close it down without entering any form of information on it.

Another great way to help identify a legitimate website is by their SSL Certificate. For those who are unaware, if you look at the image below, you'll see that this website contains a SSL Certificate -

This adds an extra layer of security to the website when using credit card transactions, data transfers and logins. Seeing this on the website also enables you to click into it to view more information such as if the certificate is valid.

Some phishing sites are more obvious than others to identify, and the chances of you stumbling upon these without following any links etc is quite slim. However, following links is where you will have to be most cautious. Never follow a link unless you are 100% confident, and trust the source.

Hopefully you have found this article useful, and keep an eye out for future pieces as Clark IT dive deeper into the world of Cyber Security.