Wednesday, July 2, 2025
PERSPECTIVES FROM THE CAMPUS
One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name “Perspectives from the Campus”: we invite experts – immersed in the pursuit of educating their students – to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.
In today’s blog, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, discusses some of the steps all of us can take to avoid becoming the victim of a phishing attack. He’ll also examine the different types of attacks that cybercriminals are using and why it’s important to keep in mind that there are a few things we shouldn’t do when it comes to protecting our personal and financial information.
By David Dungan
In 2000, there were approximately 361 million people with internet access worldwide, a figure that accounted for roughly six percent of the global population.
Fast forward a quarter century and that number has increased (extra) exponentially, you might say, to 5.64 billion people, a more than ten-fold increase that represents 68.7 percent of the world’s population.
Of course, just as we’ve gone from accessing the internet to relying on it to help guide a lot (more) of us through many aspects of our daily life, it’s safe to say that the sophistication and frequency of phishing attacks have increased rapidly. So much so that 1.2 percent of all emails sent are malicious. And, if that doesn’t seem like a lot, it adds up to 3.4 billion phishing emails every day.
Generally speaking, phishing attacks are used to gain login access by assuming a different identity and pressuring the victim. The scam is engineered either by eliciting someone’s trust or by generating fear through undue pressure. Phishing attacks are also designed to gain access to entire enterprise networks simply by stealing the personal information of a single user.
In addition to fraudulent emails, these attacks use text messages and even apps like Microsoft Teams or WhatsApp to trick users into revealing their information. It is essential to understand how to mitigate phishing attacks because, as we’ve come to realize collectively, they’re not going away. That’s due both to human nature and to the rapid rate at which technologies are being created.
Some of the more common types of phishing attacks include:
- Email phishing
- Malware phishing
- Spear phishing
Phishing attacks can be difficult to detect and combat, so knowing how to avoid a potential attack is important. There are a couple of best practices that users can follow to reduce the chances of being attacked. The best anti-phishing practices include strong multi-factor authentication, building awareness of what phishing attacks are through our educational systems and news, setting up internal email protection, and enabling database shutdown features for company systems. Additionally, making sure the spam filter is activated can help as well. These methods can go a long way toward measurably reducing the likelihood of a phishing attack.
Users also need to know common phishing tactics that attackers use to gain victims' trust, including:
- Emotional manipulation
- False trust
- Perception of need
When it comes to phishing attacks, knowing what not to do is just as important as knowing what to do. For example, over-reliance on software could result in users who don't know how to properly respond when a threat happens. Never assume that your security knowledge is perfect. There is always something new to learn. Also, be sure not to leave inactive accounts open. Attackers target these accounts as a pivot point to gain trust quickly when trying to gain access to another account. Likewise, if you are a business owner, ensure you close the accounts of previous employees or vendors that you no longer work with, as their accounts can be used for the attacker's benefit as well.
As phishing attacks evolve, the best protection is a combination of smart habits, configuring the everyday tools we already have to behave more securely, and staying constantly aware that computer risks in general are ever-evolving. Staying informed, cautious, and consistent is key to keeping yourself and your loved ones safe.