Phishing and Spear Phishing are Continued Threats: Hackers Finding New Ways to Take Advantage
Hikvision likes to keep its customers up to date on cybersecurity issues, so you can remain knowledgeable to keep your organization safe. A recent Security Magazine article explains how hackers presenting themselves as associated with PayPal are sending phishing emails. Hackers create fake invoices in PayPal then send phishing emails from PayPal’s domain spoofing reputable brands like Norton, for example, often making these phishing attempts successful.
Phishing and spear phishing are constant threats in cybersecurity. However, there are several ways you can remain safe online if you encounter a phishing or spear phishing email. We offer 8 tips to help you stay safe.
- If this is a business email address, let your cybersecurity team know immediately about the threatening email. There could be an ongoing company-wide campaign that the cybersecurity team can stop. If the cybersecurity team is aware of the campaign, they can also help educate employees.
- Visit https://haveibeenpwned.com/ This site is hosted by a respected cybersecurity professional named Troy Hunt. Make sure to enter all work and personal email addresses, and subscribe to get updates. If your email address is ever found in a data breach, you will be alerted.
- Use two-factor authentication (2FA) or multi-factor authentication (MFA) everywhere possible.
- Use a password manager. This will allow you to make great passwords (20 plus characters) that are unique for every website. And you won’t need to remember any of them.
- Never reuse passwords. If you have reused passwords, take time to change them now, before it’s too late. Threat actors buy up username/password lists and start trying to login with the username and password on other sites, like Twitter, Facebook, and Spotify.
- If you are alerted that a password has been compromised, change it immediately and see item number three, above.
- Be wary of short URLs. Malicious links are sometimes sent in short URLs through social media. Check short URLs with a tool like checkshorturl.com to preview the real address before clicking.
- Be aware of doppelganger domains, which are domain names that look like a valid, trusted domain like “goog1e.com.” If you don’t look closely at URLs sent in email, you could quickly overlook this.