Don’t Byte Cyber Bait by Guest Blogger Gary Tonniges Jr. CPA, CGMAPosted: November 28, 2016
I used to wake up early in the morning and go fishing. It was not unusual for me to return home without any fish. My wife would then helpfully point out “that’s why they call it fishing, and not catching.” As I practiced, I learned that the key to catching fish was learning to find where the fish congregated and what they found attractive.
Unfortunately, in the world of online digital security, we are the fish. The fisherman come from locations across the globe. The cloud is increasingly consolidating information of a similar type, such as tax information, into internet accessible locations. These cloud-based systems make attractive targets. Today, criminals send emails to us with authentic looking links and logos hoping we will click a link and enter our user name and password. This category of attack is called “phishing.”
Phishing attacks are old, but effective. Phishing emails are a social attack, since they prey upon our natural tendency to perform repetitive actions without thinking. For example, as we are processing nightly email we receive an official looking email that says our bank is changing their password policy. A helpful link goes to a fake bank site that records your username and password as you enter your credentials. The phishing attack works not because someone guesses your password, but because you give it to them. These emails do not just target bank information. I received a well-crafted phishing email recently asking me to change my office 365 password.
As a protection, if you move your mouse over a link in an email, you will see a pop-up information box that shows the website where the link will take you. An email from Citibank, for example, should link to their official website location. Checking every link reduces the chance you will be tricked. Preferably always type in the website yourself if you are required to enter a password.
A bit of due diligence will improve your defense against phishing attacks.
Gary Tonniges Jr., is a MBA, CPA and founder/owner of TriQuest Technologies. Gary and his team offer real-world insight into each customer’s individual IT objectives and budget constraints while recommending or implementing appropriate technology management strategies. TriQuest Technologies provides customized IT services to mid-size and small businesses in Fort Worth, Texas and across the nation. Gary is Vice-Chairman of the Fort Worth Chapter CPAs Business and Industry Committee.