Malware, Technology, Uncategorized

Phishing, Smishing and Vishing – Hackers are lurking

If you work online, you can get hacked.  No doubt about it.  If you’re not concerned, you should be.

Dan Bistany of BreezeIT is an IT guru who understands data security and working online and in the cloud.  With major data breaches at Yahoo and Equifax in 2017, with over 145.5 million customers affected, it was time to learn about how we can protect ourselves from ourselves and hackers.

First of all, how many email accounts do you have?  How many of you don’t delete unread emails?  Do you bank online? If so, how many bank accounts do you access?  How many of you shop online and use your credit card?  How many of you store your credit card with services like Netflix and Amazon? These are all opportunities for hackers to get your information.  With each email address, each login, each stored credit card site, you have increased your exposure exponentially.

So what is Phishing? Phishing is a suspicious email purporting to be sent by a reputable company requesting action.  Oftentimes, they’ll attach a link asking you to reveal or verify your personal information, credit card number, password, etc.

There are ways to verify a trusted vs. an untrusted email.

  1. Look at the email address of the sender to see if it’s legit
  2. Generic greeting instead of your name is key
  3. It’s asking to verify an account you might not even have
  4. Grammatical errors
  5. The email asking you to verify your email address
  6. Hover over the hyperlink in the email. Don’t click on it.  The hyperlink is very telling.  A bad link can redirect you to an untrustworthy site.
  7. If you question the email, call the source. Don’t call the number on the email.

Smishing, a/k/a SMS phishing, is conducted over your smart devices via short messaging service (SMS); i.e., texting and emails.  Click on the wrong link or attachment, and you can easily download a Trojan horse, malware, or virus.Smishing

How can you protect yourself?

  1. Don’t buy into urgent offers that need you to act immediately
  2. The IRS, credit card, or financial institution will never contact you via texting or emails.
  3. Check to see who is actually sending you info.
  4. Never store credit card or banking information on your smartphone.

The scary part about smishing is that we all use our devices to conduct business.  It’s unusual for us to have a work phone and a personal phone.  That being said, it’s much easier for hackers to infiltrate you and your company’s information.

Ever get a phone call from the IRS saying you owe $1,000 and if you don’t pay up you’ll be arrested? This is Vishing, scams over the phone.  Never give out any personal information over the phone. If they ask you to verify your email address, make them state your email address first.  Then verify.


Being proactive and downloading virus protection and malware software is a great way to start.  However, it may not be enough.  Some things that Dan recommended are:

  • Multi-factor authentication
  • Encrypt your hard drive. Windows 10 has Bitlocker which is free to use and helps protect information if stolen.  Locking your device with a password isn’t enough.  NOTE:  You cannot encrypt your HD and do realtime.
  • Security and awareness training

He also said:  Make a Plan.  If you ever get hacked, your first call should be to your lawyer.  There might be regulatory or security issues with the data breach. Call your IT administrator.  They would understand the forensics of the data breach.  Notify all affected parties of the breach.

Lastly, you might want to get cyber liability insurance.

Ransomware is a growing concern.  It’s a virus that blocks access to your computer and/or threatens to publish your personal data until a ransom is paid.  To pay off the hacker, Bitcoin is the currency to get you out of the jam because it can’t be traced. Hackers are getting very sophisticated.

Lastly, let’s talk about passwords.  How do you remember them?  Are they written on a slip of paper?  Excel spreadsheet?  In your contacts folder?  Again, this is another opportunity for hackers to get your information.  Dan suggested you find a good password manager like Dashlane or  1Password.  Let the App generate and store the passwords for you. Make sure you have a strong password to open the App, and just don’t forget it.  Next, sign up for two-factor authentication.  It’s a two-step verification tool that makes it more difficult for hackers to get into your accounts.  Apple and Google are two vendors of many who have this feature.  It may be a pain for you, but at the same time you’re limiting your exposure.  A little inconvenience can go a long way.

Being connected gives you access to a world of information.  It also gives hackers access to you.  Embrace the good and the bad that this digital age has to offer.  Be proactive and diligent in keeping your personal information safe.