DON’T GET HOOKED – HOW TO AVOID BEING PHISHED
Every day, cybercriminals try to manipulate you and your staff. They do this with a stream of emails, texts, and social media messages that pretend to come from a well-known organization or a friend. Their end game is to trick you into clicking on links or attachments that have hidden malware.
The statistics on phishing scams are scary. Successful phishing expeditions cause up to 90% of data breaches. One in every twenty-five branded emails you receive is an attempt to steal your data. The truly alarming fact is that attacks are only increasing in number and spreading to different types of media.
In order to not become a victim, you must be able to identify phishing scams. Below we discuss the most common phishing attacks and some great ways to identify a phishing email.
COMMON PHISHING ATTACKS
1. Deceptive Phishing
This is by far the most common type of phishing, and it uses the “spray and pray” technique. These emails tend to be generic in nature and have one goal: to steal your data or login credentials. Cybercriminals will often impersonate a legitimate organization and use threats or create a sense of urgency to trick you into clicking on malicious links or attachments.
2. Spear Phishing
Spear Phishing is prevalent in both email and social media sites. These communications are more specific in nature and often targeted to a person, group, or company. These attacks will have information that is specific to the target and may have personal information to create a sense of trust with the sender.
Once again, the goal is to trick you into clicking on malicious links or attachments.
3. Whaling
Whaling is a targeted attack against senior management positions (CEO, CFO, COO) and the staff who support these positions. Using techniques similar to spear phishing, the primary goal of whaling is to trick executives into authorizing fraudulent wire transfers or disclosing W-2 information. Although these attacks are directed at all industries, the healthcare, technology, and banking sectors are favorite targets of the bad guys.
4. Vishing
Vishing is where attackers use phone calls instead of email or social media. In this type of ploy, attackers are “dialing for dollars” by calling random phone numbers. The call may come to the victim from a local area code so that it appears to come from a local source. The bad guys often impersonate a legitimate organization or tech support.
The goal of these attacks is sometimes different, as the attackers may ask you to get on your computer and run commands so they can “help” you with a problem (one you don’t really have). The attackers attempt to get the victim to access malicious sites that can install viruses and malware on the victim’s computer. With this software, the attackers can get everything from the victim’s computer, including user accounts and passwords to sensitive sites.
No legitimate company will ever call you to tell you your computer has a virus or ask for your passwords.
5. Smishing
Smishing (aka SMS/text phishing) has grown in popularity and is one of the easiest attacks for a bad guy to execute. The message will appear to come from a legitimate source (such as Apple, Microsoft, etc.) and uses the common tools of threats or a created sense of urgency.
The goal, as always, is the same: to trick victims into clicking on malicious links or attachments.
TIPS FOR SPOTTING A PHISHING ATTACK AND PROTECTING YOUR INFORMATION
Phishing attacks are tricky and sometimes sophisticated. However, there are many ways to avoid falling victim to them.
Establish cybersecurity awareness training for all employees including senior management
Deploy reliable anti-virus software, firewalls, and anti-spam solutions.
Review each email / SMS text for generic greetings, a sense of urgency, grammar and spelling mistakes, and requests for personal information
Inspect links and attachments carefully – Hover your cursor over all links to validate the link destination
Be suspicious of attachments in unexpected emails
If in doubt about an email or attachment, call the sender directly using a number from your personal contact list or found in a search
Set up multi-factor authentication (2FA) whenever possible, especially important for email and financial websites
Limit sharing personal and corporate information on social media
Install security updates on your computer regularly
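The message-review and link-inspection tips above can also be automated for mail a help desk is asked to look at. The Python below is an added example, not part of the original article: the phrase lists, the `review_message` helper, and the sample message with its reserved test domains are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Illustrative phrase lists (assumptions); tune them to the mail you actually see.
GENERIC = re.compile(r"\bdear (customer|user|member|account holder)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|will be suspended)\b", re.I)
DOMAIN = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect the message text and every (href, visible text) pair."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._shown = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._shown = dict(attrs).get("href"), []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._shown.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._shown).strip()))
            self._href = None

def _host(name):
    name = (name or "").lower()
    return name[4:] if name.startswith("www.") else name

def review_message(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    body, findings = " ".join(parser.text), []
    if GENERIC.search(body):
        findings.append("generic greeting")
    if URGENCY.search(body):
        findings.append("sense of urgency")
    for href, shown in parser.links:
        dest, match = _host(urlparse(href).hostname), DOMAIN.search(shown)
        claimed = _host(match.group(1)) if match else ""
        # What "hovering" reveals: the text names one site, the href goes to another.
        if claimed and dest and dest != claimed and not dest.endswith("." + claimed):
            findings.append(f"link text shows {claimed} but goes to {dest}")
    return findings
# Constructed sample message; all domains are reserved test names.
SAMPLE = """<p>Dear Customer,</p>
<p>Your account will be suspended unless you act immediately.</p>
<a href="http://login.example-bank.test.phish.example/reset">https://www.example-bank.test/reset</a>
<a href="https://www.example-bank.test/help">example-bank.test</a>"""
```

Calling `review_message(SAMPLE)` reports the generic greeting, the urgency wording, and the first link, whose visible text names the bank while its destination is a different host. A link whose text contains no domain (for example "Click here") cannot be compared this way and still needs the manual hover check.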
BE SKEPTICAL. BE SUSPICIOUS.
Phishing attacks try to get us to act without thinking. If something feels off about a message, it probably is! The best defenses against phishing are:
Security awareness training for all staff.
Always THINK BEFORE YOU CLICK
YOUR USERS ARE THE WEAK LINK IN YOUR NETWORK
Are you concerned about your company’s security? Have you sent your staff home to work remotely? Do you not have a security training program in place?
Let the experts at OCS train your employees to stay on their toes and keep network security at the top of their minds.