There’s a March Madness of a different kind that happens each year during this time of tournaments: the onslaught of phishing emails that users fall for over and over again.
With pools that take place in our offices, among friends, or to the individual who wants to join a group online, hackers are handed a very easy way to get us to click as we look to participate and enter our bracket choices. They don’t even have to work hard to socially engineer or disguise their sites, because we rarely verify these sites for safety or authenticity. We just trust that we are safely clicking and inputting our choices and personal information. Take it a step further and input any payment information and we’ve given them a bonus.
This year especially, with so much remote interaction, we’re expecting to learn about a lot of cybercrime that took advantage of the March college basketball games as an opportunity to deploy ransomware and breach networks.
Humans are the link in the cybersecurity chain where access is usually weakest, trust is established – or overlooked – easily. Especially when our excitement is high, and we don’t view what we are doing as anything other than “some harmless fun” with little or no value to hackers. What would they need with my basketball picks?
They don’t care about THOSE but they do care about your login credentials that may be used on another account or gaining your trust and assuming your guard is down as you click on malicious links.
Take heed before you think an old friend has reached out to connect via a fun tournament site. Don’t click on links without doing some verification that it is legit and not disguised with text that misrepresents where the actual link takes you to. Hover, examine and ensure that you are headed to a valid location. Do the same with email addresses. Look for misspellings and names that are merely a disguise for a fake account. Those extra s’s or other letters aren’t easily seen with a quick glance. Marchmadnness.com – did your eye catch that extra N right away? Also, don’t open attachments or offer up financial input without doubling down on your efforts to verify.
A few minutes to verify will increase your odds of advancing through the tournament of cyber safety to be the last man or woman standing on the court after the madness has subsided.
One of the easiest ways to ensure your employees are best equipped to recognize a phishing attempt is to enroll them in our Security Awareness Training. It’s affordable and scalable for any size office. Give us a call today!