What is Phishing?

Louisiana is the “Sportsman’s Paradise”.  Here we love to hunt and love to fish.  Ask any Louisiana angler about it and they can talk for hours on baits, rods and reels, and the best spots (but not their best spot).  But what do we know about phishing or spear phishing?  And no, this is not the “cajunized” spelling of one of our favorite pastimes; these are real threats to companies and individuals alike.

We have all experienced phishing in one form or another.  The most detestable are the robo-calls that we have all received at one point or another: a mass automatic contact trying to get some unsuspecting individual to answer the phone and buy their bogus car warranty.  The other, more nefarious form is the mass emails that go out every day, trying to get you to reset your Facebook or Instagram password.  The links in these emails are 99.99% fraudulent.  It is easy to tell with just a little bit of work, even for the unenlightened iPhone user.  Click the “company” that sent that email, and it will turn blue (like a contact).  Click it again and it will show you the email address that it came from.  No, it’s not the Nigerian Prince of 1990s fame, but probably a distant relative.  If you are unsure about an email like this, go to the app or the website the email is claiming to be from, and change your password there.  There is never any harm in doing a password change, other than having to go through all of your devices.  In fact, it will probably do some good (like taking a multi-vitamin).  Knowledge is power; don’t be a phish.

Spear phishing is similar to regular phishing, in that it is an unsolicited email, but this time it is not part of a mass email campaign; it is “targeted” to an individual.  With all of the data breaches that have happened over the last 5 years, it would be naïve to think that you are not on some nefarious actor’s radar.  This is especially true as people “move up” the corporate ladder.  Once it becomes public knowledge (Twitter, Facebook, LinkedIn…) then they also move up on the radar of people that want to gain access to them and the systems they use.  Now I’m not advocating against making announcements (I’ve done it myself), but what I am saying is that as your responsibility at work increases, so too does the awareness of spear phishing attacks.

In the vein of “Truth in lending”, I’m not an IT professional, nor have I received any IT certifications.  These are just my uncommon sense recommendations to everyday computer users.

  1. Never click a link in an email. Go to the app/website to do your business / change your password / update your account settings etc…
  2. Stop signing up for everyone’s email lists. If there is a sale at the company that you regularly shop online, you will know about it.
  3. If the “deal” in the email is too good to be true, it probably is, and the lost time (and money) trying to recover from a phish is not worth the savings.
  4. Saving passwords in web browsers makes life simple, recovering from being a phish is hard. Make your choices wisely.
  5. If you don’t know the person that sent the email, just delete it.
  6. Really manage your “friend” requests. Having a lot of “followers” just increases your odds of being the “phish”.
  7. “Cool things you never knew about….” or similar slide shows are the entrance to rabbit holes that can lead to you being a phish.
  8. Never take a survey related to the slide shows above. They are phishing traps (usually).

I have developed these rules after watching things happen in my own house: email accounts getting hacked, Instagram accounts stolen, etc.  These rules won’t prevent you from being a phish, but if you know what bait they are phishing with, then you can avoid the possibility of being a phish.
