One of the most valuable things we have is our identity. With almost all of our financial, government and medical records accessible online, it’s important to make sure that you, and only you, have access to your sensitive information. Recovering from identity theft can take time and involve a lot of administrative red tape, causing more distress and loss in the meantime. While employing a new arsenal of prevention strategies can seem fatiguing, it’s all part of adopting a security-first approach, something that must be the new normal.
Phishing scams are usually email-based attacks that make fraudulent attempts to obtain sensitive information. They usually succeed by simulating a familiar sender, adding urgency to act, and asking you to provide information or complete a task by clicking on a link or downloading a document. Generative AI has made it a lot harder to spot them by the usual spelling mistakes or diction errors.
We use the “Scan for S.C.A.M” approach:
S - Sender. Check the sender's email address for legitimacy and look out for misspellings or suspicious domains.
C - Content. Beware of emails or messages that request personal information or direct you to a website to enter such information.
A - Action. Never click on links or download attachments from unknown or suspicious emails; always do the hover test.
M - Manage. Beware of anything urgent or out of character for a colleague or boss – it might be a spear phishing attempt. Always verify identity and, if you cannot, report the email to your IT department as SPAM.
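The S (Sender) and A (Action) checks can also be automated in a mail triage script. The following is an added example, not part of the original article: the trusted-domain list, the similarity threshold and the sample message are assumptions constructed for illustration.

```python
import difflib
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("example.com",)  # assumed allow-list of domains you really deal with

def sender_check(from_header, trusted=TRUSTED, threshold=0.85):
    """S: classify the From domain as trusted, a near-miss lookalike, or unknown."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in trusted:
        return domain, "trusted"
    score, nearest = max((difflib.SequenceMatcher(None, domain, t).ratio(), t) for t in trusted)
    return domain, (f"lookalike of {nearest}" if score >= threshold else "unknown")

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):
    """Hostname of a URL, or of bare link text such as www.example.com/login."""
    return (urlparse(value if "//" in value else "//" + value).hostname or "").lower()

def hover_test(html):
    """A: return (visible text, real href) where the text names another host."""
    parser = LinkAudit()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        first = (text.split() or [""])[0]
        if "." in first and host(first) != host(href):
            flagged.append((text, href))
    return flagged

# Constructed sample message, not taken from a real campaign.
SAMPLE_FROM = '"IT Support" <helpdesk@examp1e.com>'
SAMPLE_HTML = ('<p>Mailbox full. Sign in at <a href="http://login.examp1e.com/verify">'
               'www.example.com/login</a> or see the <a href="https://example.com/help">help page</a>.</p>')
```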
Multi-Factor Authentication (MFA) is a security measure that requires more than one method of authentication to verify the user. It combines two or more independent credentials: what the user knows (password), what the user has (security token), and what the user is (biometric verification).
How it works: MFA makes it difficult for unauthorised users to access a device or network because there are several layers to get through. Even if a criminal manages to obtain your password, they would still need the second factor. Popular methods include using an authentication app or physical security token.
Security on public networks: Public Wi-Fi networks, while convenient, are notoriously insecure. Cyber criminals often exploit these networks to intercept data and launch attacks. It’s exceptionally easy for them to impersonate a valid Wi-Fi signal by naming theirs in a similar fashion, hoping that they can steal data and information from those that log in by mistake.
- Always verify the network SSID (name) with a reliable source before connecting.
- Avoid accessing sensitive information, such as bank accounts, when connected to public Wi-Fi.
- Use a VPN to encrypt your data when away from home or the office.
While these strategies aren’t exhaustive, making them a habit can significantly enhance the protection of your digital identity. It may be somewhat annoying to apply them every time, but complacency is the enemy. Stay informed, and take proactive steps to safeguard your identity.
Check out our course catalogue and request a demo today to find out how Phriendly Phishing can uplift your organisation's security awareness culture.