Cybersecurity: How to Protect Yourself from Phishing, Spoofing, and Smishing

Spam emails, texts, and calls – we all get them. The offerings are usually too good to be true: a free cruise, an inheritance from a long-lost aunt, a free iPhone. Who wouldn’t want to be the lucky winner? And that’s exactly what hackers bank on.

Scams are effective because they prey upon people’s desires:

  • the desire to win
  • the desire to have more
  • and even the desire to be needed.

That’s why hackers will often impersonate people we know, emailing us with an urgent need for us to call them, send them money, or help them with an immediate issue that only we can solve.

Spam and scam emails on the rise

You may have noticed an increase in suspicious emails lately. You aren’t alone. According to a report by Abnormal Security covering January to June of 2022, cyber email attacks have increased 48% from the previous six months, and there has been a 150% year-over-year increase in business email compromise attacks.

Berkshire Money Management strives to support our clients in all aspects of their lives, starting with their finances. Now, more than ever, we want to help protect our clients from cyberattacks. In addition to enhancing our internal measures and employee training, we will be providing tips, best practices, and helpful information to our clients as we all navigate the ever-changing topic of cybersecurity together.

Phishing

Targeted email attacks, commonly known as phishing, are the most widespread form of hacking. Phishing emails pretend to come from reputable companies, such as Amazon or PayPal, or trusted sources like family members, co-workers, or government agencies. The goal is often to steal passwords, credit card numbers, or other sensitive information by pointing targets to fake log-in pages or sometimes by simply asking.

Spoofing

Hackers will also use a technique called spoofing where they falsify a phone number, email address, or website to make the communication appear as though it came from a legitimate source. Spoofing is a tactic frequently used in business email compromise attempts.

Business Email Compromise

Also referred to as whaling, business email compromise (BEC) is one of the most financially damaging cyber-attacks. Hackers often impersonate a high-level executive or a third-party vendor and instruct the recipient to transfer money, pay a vendor invoice, or provide sensitive information. These requests convey a need for urgent response to frighten the recipients into immediate action.

Red flags to watch for in your inbox:

  • Subject lines insinuating extreme urgency or demand.
    Take extra caution with any emails that pique your curiosity, offer you a free prize or reward, frighten you, or prompt you to act immediately as these are popular social engineering tactics used by hackers.
  • Attached files, links to websites or shared documents, and/or photos sent to you in an unsolicited or unexpected email.
    This is a common method that hackers use to install malware onto your device. Hovering your mouse over the link without clicking will show you the actual destination. If this address does not match the link in the email or has slight spelling variations (e.g., disney.com vs d1sney.com), this is likely a scam.
  • Spelling and/or grammatical errors are typically indicative of fraudulent emails.
    Messages from your bank, utility company, or favorite streaming service typically don’t include glaring spelling and grammar mistakes. If the email doesn’t seem right, it probably isn’t!
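
The hover check described above can also be automated. The following is an added example, not part of the original article: it compares each link's visible text with its real destination and flags destinations that imitate a known domain. The trusted list, the sample message, and all function names are assumptions made for illustration, and the check goes slightly beyond the d1sney.com case by also treating "rn" as a stand-in for "m".

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = {"disney.com", "paypal.com", "amazon.com"}  # assumed allow-list (constructed)
# Fold easily confused characters into one representative (1/i/l, 0/o, 5/s, 3/e).
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s", "3": "e"})

def skeleton(host):
    """Reduce a hostname to a form in which lookalike spellings collide."""
    return host.lower().translate(CONFUSABLE).replace("rn", "m")

def host_of(text):
    """Return the hostname in a URL or bare domain, or None if text is not one."""
    text = text.strip().rstrip(".")
    if "." not in text or " " in text:
        return None
    host = urlsplit(text if "://" in text else "//" + text).hostname
    return host[4:] if host and host.startswith("www.") else host

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def check_links(html):
    """Return (destination host, reason) pairs for suspicious links."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        dest, shown = host_of(href), host_of(text)
        if dest is None:
            continue
        if shown and shown != dest:  # what you read is not where you go
            findings.append((dest, "text shows " + shown))
        findings += [(dest, "lookalike of " + good) for good in sorted(TRUSTED)
                     if dest != good and skeleton(dest) == skeleton(good)]
    return findings

SAMPLE = (  # constructed message body
    '<p>Account locked: <a href="https://d1sney.com/login">disney.com/login</a></p>'
    '<p><a href="https://www.paypal.com/">paypal.com</a></p>'
    '<p><a href="http://arnazon.com/prize">Claim your prize</a></p>')
```

The comparison uses the whole hostname, so a lookalike placed under a subdomain is outside what this sketch covers.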

Smishing is the new phishing

As technology evolves, so do bad actors. Mobile devices, including cell phones and tablets, are becoming the most frequent targets for hackers due to their prevalence of usage and the high level of comfort users feel with their devices. People are three times more likely to click a link on their mobile device compared to a computer as it is harder to verify the true destination of a link in this format. This form of cyberattack is called smishing and refers specifically to phishing conducted via text message, iMessage, or other messenger applications, including social media messaging apps.

How secure is your cell phone?

In general, iPhones are considered to be more secure than Android devices due to hefty security controls put in place by Apple. Android devices allow more functionality and customization, as well as a more open development platform and app store than iPhones, which can be advantageous to users but also increases security risks. As a result, Android users should be extremely cautious when downloading applications from any app store, especially third-party platforms. The Google Play Store is nine times safer than third-party app stores.

How to protect your personal information from scammers and hackers:

  • Never click links or download attachments in an unsolicited or unexpected email.
    Contact the sender using an alternate contact method to verify authenticity.
  • Create complex, unique, and random passwords for each log-in.
    We recommend using passwords that are a minimum of 16 characters and contain special characters, numbers, and capital letters. For example, use a password such as “[email protected]$t!buRR1t0%” or “xX54-!26jLJ43$m%”.
  • Use password management software rather than writing passwords down.
  • Do not allow a familiar email address, caller ID, or website address to lull you into a false sense of security.
    Email addresses, caller ID, and URLs can be easily spoofed.
  • Update your devices regularly, especially cell phone operating systems.
  • Think twice before acting.
    Remember, it is always better to slow down and verify than to react immediately and potentially put yourself at risk.

Technology and cybersecurity are constantly evolving, and they can be challenging to keep up with. While protecting yourself from hackers may seem daunting, the steps outlined above will go a long way to keep you and your data safer.


Test your phishing knowledge with this quiz from Google!


Julia Lewis is a Compliance Professional at Berkshire Money Management.