8 Ways To Identify Phishing Attempts

What is phishing? 

Phishing is a cybercrime that uses electronic communication to take advantage of users. Attackers attempt to gain sensitive or confidential information, such as usernames and passwords, credit card information, and more by posing as legitimate organizations or individuals. They use social engineering to manipulate victims into clicking on malicious links and entering this information. Below are eight ways to identify a phishing email. 

Types of Phishing 

Spear Phishing 

These attacks will not look random, like a general phishing attempt. Attackers will gather information about the victim to make the email feel more authentic. 

Clone Phishing 

Attackers will make almost identical copies of previously delivered email messages and change an attachment or link to something malicious.  

Whaling 

Specifically targeting high profile and/or senior executives at organizations, they will often present themselves as legal communication or other high-level executive business. 

Methods of Phishing 

Requests for Sensitive Information.  

A legitimate organization will never ask you to enter any information that is sensitive by following a link. You will usually be asked to go to the official website or app to enter your credentials and any other information that is required. 

Generic Salutations.  

Most hackers will greet you with a “Dear valued customer” or “Dear account holder”. Sometimes, ads will not even include a greeting. These are clear signs that this might be a phishing attempt. Genuine organizations will use your full name.  

 Check the Domain.  

Don’t just check the name of the sender. Check the email address attached by hovering over the ‘from’ address. If you see any changes from what you were expecting, like numbers or letters added, this might be a phishing attempt.  

 Bad Grammar.  

Legitimate organizations will send emails that are well written. There are no spelling errors or bad syntax. Hackers believe their prey are less observant and easier targets, so they tend to have spelling errors and grammatical mistakes in what they send out.  

 Forcing You on to Site.  

If in doubt, don’t open the email. A lot of the time, emails can be coded entirely as a hyperlink so any accidental click anywhere in the email can lead you to a malicious site or start a spam download on your computer. 

 Unsolicited Attachments.  

Authentic organizations will seldom send you attachments. They will usually direct you to their website to download what you need from there. It’s not foolproof because there are times when they will send you information that you need to download, but this isn’t very common. 

 Hyperlinks.  

Always hover over any links in the email because it may not be all it appears to be. When you hover over the link, it will show you the actual URL it will direct you to. 

 Sense of Urgency.  

One of a hackers favorite methods to hook a victim is asking them to act fast, either by offering a one-time deal for a limited time or stating that your account has been compromised. It is usually best to ignore these communications. 

Email Security 

Why is email such an easy target? Because while most people know how to send and receive emails, the same cannot be said about the understanding of how emails are sent or received. This lack of understanding also make gaining access to emails so simple, that hackers just can’t resist.  

The simplicity inherent to modern email interfaces lulls users into a false sense of security. “Of course the email is secure, how could it not be?”. We can check it anywhere. Send communication from anywhere at any time with a click of a button. However, a potent combination of human error and malicious agents can make emails one of the most dangerous threats to an organizations security. Email-based threats account for 25% of all data breaches within the US and causes major losses numbering in the billions of dollars annually.  

As with all cyber security, email security starts with employee training, helping employees understand how to identify and question suspicious looking emails. Alongside this training, organizations need to make sure that they have the right tools to fight against this data theft; anti-virus filters, email filtering, email encryption and more.  

Need more info? The Federal Trade Commission can help you identify and avoid phishing scams. Also make sure your employees follow the Braxton-Grant Technologies guide on the fundamentals.  

Reducing Your Digital Footprint

digital footprint is the trail and traces that people leave behind online, on social media, websites, or chats.  Often, you may be leaving a trail unwittingly.  These days we are bombarded with so much noise when we go online.  “Sign up with us and get a free something or other.”  “20% off XXXX when you register…”  We set up accounts on social media platforms and apps every day without thinking twice.  Most often, when you do that, you are adding to your digital footprint and leaving yourself open to vulnerabilities or in the least, unwanted solicitations.

There are many ways you can reduce that footprint or make it more positive.  Here are eight simple steps you can take to stay a little safer online.

Check your privacy settings on your social media accounts.  

It’s very important to know who is seeing the information you post online.  And now social networks offer you more control with settings that can help you manage the content you share.  Keep in mind that updates and changes to the platform can affect your privacy settings, so make sure to check them once or twice year.

Antivirus software should always be up to date.  

Updating your software regularly will ensure that any vulnerabilities will be patched up.  Security holes aren’t preventable but with the latest versions of AV software, hackers will have a harder time getting into your system.  Before clicking that little “New update available” popup, make sure that the updates are accurate and relative.

Delete or deactivate old shopping or social accounts. 

Did you buy a widget from Widgets-R-Us last year to fill out the ol’ Christmas shopping list?  What happens if widgetsrus.com goes under, and the assets for the company are auctioned off to the highest bidder?  Your personal data is now in the hands of an unknown third party.  Deleting your data from a service by contacting a company directly and asking for your customer data to be deleted is the best way to cover yourself in this case.  If you cannot do this, at least delete your account on the website!

Browse the Internet with “Do not track” enabled.

Most modern browsers and even operating systems have the option for you to send a request to each website you visit which says, “do not track my activity on this website”.  While imperfect, this is a simple way to keep your data out of the hands of compliant websites.

Don’t click on random surveys.

Unless going through a trusted service, such as Survey Monkey or Google Opinion rewards, giving data to a random website to “Find out what Game of Thrones Character is your spirit animal” is a surefire way to get your information out to the world at large.  That’s not a good thing.  It’s all fun and games until your email address gets leaked in a data breach.

Have a public-facing email.

Let’s face it, you can’t always avoid giving out your email.  There are tangible, financial incentives tied to giving away your email address.  The reason for this, however, is because they can make a lot more money off of your email than you will save to get your discount.  Using a single email which is dedicated to absorbing spam offers and which, at worst, you can simply delete without any major repercussions allows you to avoid not only spam email, but also exposing your proper email in a data breach.

Clear your browsing history and cache.

Clearing your browser history isn’t just for getting away with browsing sites you shouldn’t be using at work.  It also protects you in the event that your computer is compromised; it will be harder for a thief to see what sites you frequent.  Clearing your browser cache, on the other hand, will clear out tracking cookies which are used by websites to track you, even between multiple websites.  Enabling “Do not track” can prevent some of these cookies from being stored, but clearing your cache deletes any that make it to you despite your request.

Think about your offline presence.

You need to be aware of the information you share offline.  Make sure you understand how the businesses you use, whether it be a utility company or a grocery store, will use your information.  Most information you see online originates from somewhere offline.

Every time you post, share, or enter your information online, you are creating a digital trail.  It’s not always a bad thing.  A digital footprint can be a positive image, an extension of who you are online.  But be aware of the risks and keep track of your information.

Print out the handy little guide above so you can take it wherever you go.

Baltimore Data Connectors Press Release

On June 13 Braxton-Grant Technologies, Inc.  participated in the Baltimore Data Connectors Cybersecurity Conference with Array Networks.   Braxton-Grant is an important partner for Array Networks in the Mid-Atlantic region and particularly in the Federal, State, and Local Government space.  Array Networks develops purpose-built systems for deploying virtual networking and security functions with guaranteed performance.  Proven around the world, Array is recognized by leading enterprises and service providers for next-generation technology that delivers agility at scale.  Braxton-Grant is a reseller of and service provider for Array Networks products and its engineers are available to implement the AVX Networks Functions Platforms and integrate them into customer networks in both cleared and uncleared environments.  Braxton-Grant can work with customers to determine which 3rd Party network functions the company could benefit from having on the Array Networks to provide reduced cost, space, power , and cooling on a platform designed with reserved resources per VM to provide superior performance and guaranteed SLAs.  Braxton-Grant can also offer an integrated solution withFortinet next-gen security solutions on the Array platform.   For further information on how Braxton-Grant can help deliver the benefits of Array Networks to your environment as well as the many other cybersecurity products and services we can deliver to your networks please see www.braxtongrant.com.

Braxton-Grant Wins 2017 Symantec Secure One Services Partner of the Year

We are proud to announce that we recently won the “Secure One Services Partner of the Year” from Symantec for Fiscal Year 2017! This is the second year in a row we have won this prestigious award!

Secure One Services is directed at partners who consider service and support an integral part of their business and want to grow their services business with Symantec. As a partner, Braxton-Grant Technologies meets a set of stringent support readiness and training requirements, including Symantec accreditation.

Cyber Security Threats to Higher Education Institutions

Cyber security is a topic which is at the top of many organizations priority lists. As more and more of our daily lives are moved online, it is essential to be as safe as possible when it comes to digital records, personal information, and more. Hackers are constantly at work with the goal of stealing valuable data, and only organizations who are committed to investing in cyber security will be able to stay one step ahead of the game.

While the threat of hacking has always been evident for businesses, it is now a concern for institutions of higher learning as well. These institutions face challenges which are unique to the way they operate, meaning they have to seek out appropriate solutions to keep their data safe and secure. Some of the specific cyber security threats which are faced by higher education institutions are listed below.

SECURING THE CLOUD
Most of the computing that happens at educational institutions happens at the cloud level. This makes sense for a lot of reasons, but it also opens the organization up to hacking efforts. To make sure that the data which is stored and shared in the cloud remains secure, the IT department has to pay special attention to this part of the equation.

EDUCATING USERS
It can be hard to grab the attention of students and faculty alike to have them focus on a topic like cyber security. Staff members have their own jobs to be concerned with, and the students are trying to balance classwork with their extracurricular activities. Getting the message through about cyber security is an important responsibility which is shared by everyone on campus can be tricky, to say the least.

A VARIETY OF DEVICES
On a large campus, it is impossible to control the various devices which are being used over the school’s network. This can present obvious challenges, as all of those devices are unlikely to be properly secured. This is another point which highlights the importance of user education. When everyone involved with the school understands the critical nature of cyber security for higher education, it will be easier to convince them that they need to be using appropriately secure devices.

CONTROLLING ACCESS
There are a number of different permission levels needed to properly manage the data associated with a learning institution. Providing all individuals with the right level of access is not always easy, especially with roles changing quickly on a big campus. When permissions are not handled correctly, it may lead to vulnerabilities in the system.

The IT department at an institution of higher learning has a serious challenge on their hands, to be sure. There are many cyber security threats faced by the average university, and the answers to those threats are not always easy to find. Of course, as is always the case with online security, taking a proactive approach is an important first step. Simply by being aware of the importance of cyber security and the many threats that are lurking, a school should be able to stay on track toward a successful future.