Cyber-Security Awareness Month is behind us and we are into November, but as a final sign-off I thought I would share a few statistics and give some common-sense advice to help you become more aware of phishing scams and how to spot them.
Don’t assume that South Africa is too unsophisticated or not advanced enough to be a target of phishing attacks. According to Drew van Vuuren, CEO of 4Di Privaca, South Africa is the second most targeted country globally when it comes to phishing attacks.
With the cost of phishing in South Africa amounting to approximately R4.2 billion in 2013 alone and with South Africa accounting for 5% of the total volume of all phishing attacks globally, it is not a matter of “if” the university is going to be a target, but “when”. If you are not worried about phishing attacks, you should be! It is not just Information Technology’s problem, it is yours too!
As with other businesses and enterprises, e-mail-related threats are the university’s biggest security concern. According to some people in the know, more than half of university personnel have dealt with a phishing scam at least once this year, with some receiving more than 500 suspicious e-mails a week. (In a lot of cases Information Technology’s e-mail servers were able to block and filter out most of the e-mail threats before they could be delivered.)
According to a 2016 survey done by Symantec, over 30% of South African Internet users share at least 3 pieces of personal information on their social media profiles that can make stealing their identity easy.
60% of the respondents admitted that they had no idea what their privacy settings were and who could see their personal information on sites like Facebook, Instagram, Twitter etc.
People often become victims of online fraud by using the same password or username on multiple sites, including social media sites and Internet banking sites. According to Ofcom’s “Adults’ Media Use and Attitudes Report 2013”, 55% of the poll respondents used the same password for most – if not all! – websites.
Here are 10 common-sense tips to help you spot and prevent becoming a victim of a phishing scam:
1. Learn to identify suspected phishing e-mails
- They duplicate the images and branding of a real company.
- They copy the name of a company or an actual employee of the company.
- They include sites that are visually similar or identical to a real business.
- They promote gifts, or threaten the closure of an existing account.
2. Check the source of information from incoming e-mail
Your bank, Information Technology, or cellphone provider will never ask you to send your passwords or personal information by mail. Never respond to these questions, and if you have the slightest doubt, call your bank, IT or your cellphone provider directly for clarification.
3. Never go to your bank’s website by clicking on links included in e-mails
Do not click on hyperlinks or links in the e-mail, as they will direct you to a fraudulent website.
Type the URL directly into your browser or use your own bookmarks or favorites if you want to go faster.
4. Beef up the security of your computer
Common sense and good judgement are as vital as keeping your computer protected with good antivirus and anti-malware software to block this type of attack.
In addition, you should always have the most recent update on your operating system and web browsers.
5. Enter your sensitive data in secure websites only
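In order for a site to be ‘safe’, the address must begin with ‘https://’ and your browser should show an icon of a closed lock. This only shows that the connection is encrypted; fraudulent sites can use ‘https://’ too, so still check that the address itself is the one you expect.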
6. Periodically check your accounts
It never hurts to check your bank accounts periodically to be aware of any irregularities in your online transactions.
7. Phishing doesn’t only pertain to online banking
Most phishing attacks are against banks, but attackers can also use any popular website, such as eBay, Facebook or PayPal, to steal personal data. Even the university’s e-HR site was targeted in 2017.
8. Phishing is international
Phishing knows no boundaries, and can reach you in any language. In general, phishing messages are poorly written or translated, so this may be another indicator that something is wrong.
9. Have the slightest doubt? Do not risk it
The best way to prevent phishing is to consistently reject any email or news that asks you to provide confidential data.
Delete these emails and call your bank to clarify any doubts.
10. Keep up to date and read about the evolution of malware
If you want to keep up to date with the latest malware attacks, recommendations or advice to avoid any danger on the network, subscribe to the Information Technology blog or follow them on Twitter. Put your local computer geek or the IT HelpDesk on the speed dial of your cellphone, and don’t be embarrassed or too proud to ask questions of those who are knowledgeable about such things.
Keep safe out there…