The number of new phishing and malicious emails and
websites is on the rise and their sophistication has increased. Below are some
tips to help protect yourself.
Ransomware
Ransomware is increasingly being used by hackers to extort
money from companies and individuals. Ransomware is a type of malicious
software that takes over your computer and prevents you from accessing files
until you pay a ransom.
- Do not click on links or
attachments from senders that you do not recognize. Be especially wary
of .zip or other compressed or executable file types.
- Do not provide sensitive personal
information (like usernames and passwords) over email.
- Watch for email senders that use
suspicious or misleading domain names.
- If you can’t tell whether an email is
legitimate, ignore it or delete it. If you are at work, contact
your work's IT support team.
- Be especially cautious when
opening attachments or clicking links if you receive an email containing a
warning banner indicating that it originated from an external source.
- Keep "offline" backups
of important information. For example, use an external hard drive that is
connected only when performing backups or restoring files.
If your computer is infected with ransomware, you will
typically be locked out of all programs and a “ransom screen” will
appear. If you are an employee at a business, contact your internal IT
support team. Individuals may need to seek help from professional IT
services.
Phishing
"Phishing" is the most common type of
cyber-attack that affects organizations and individuals. Phishing attacks can
take many forms, but they all share a common goal – getting you to share
sensitive information such as login credentials, credit card information, or
bank account details.
We’ve outlined a few different types of phishing attacks to
watch out for:
- Phishing: In this type of attack, hackers impersonate a real company or
individual to obtain your login credentials. You may receive an e-mail
asking you to verify your account details with a link that takes you to an
imposter login screen that delivers your information directly to the
attackers.
- Spear Phishing: Spear phishing is a more sophisticated phishing attack that
includes customized information that makes the attacker seem like a
legitimate source. They may use your name and phone number and refer to
your company name or other personal information in the e-mail to trick you
into thinking they have a connection to you, making you more likely to
click a link or attachment that they provide.
- Whaling: Whaling is a popular ploy aimed at getting you to transfer
money or send sensitive information to an attacker via email by
impersonating a real company executive. Sent from a fake domain that appears
similar to the target's, the messages look like normal emails from a high-level
official of the company, typically the CEO or CFO, and ask you for
sensitive information (including usernames and passwords).
- Shared Document Phishing: You may receive an email that appears to come from file-sharing
sites like Dropbox or Google Drive alerting you that a document has been
shared with you. The link provided in these e-mails will take you to a
fake login page that mimics the real login page and will steal your
account credentials.
What You Can Do
To avoid these phishing schemes,
please observe the following email best practices:
- Do not click on links or
attachments from senders that you do not recognize. Be especially wary of
.zip or other compressed or executable file types.
- Do not provide sensitive personal
information (like usernames and passwords) over email.
- Watch for email senders that use
suspicious or misleading domain names (for example, microsoft.com vs.
micr0soft.com).
- Inspect URLs carefully to make
sure they’re legitimate and not imposter sites.
- Do not try to open any shared
document that you’re not expecting to receive.
- Be especially cautious when
opening attachments or clicking links if you receive an email containing a
warning banner indicating that it originated from an external source.
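
The domain-name tip above (microsoft.com vs micr0soft.com) can also be checked automatically. The following is an added example, not part of the original page: it compares a sender's domain against a list of domains you trust. The `TRUSTED` list, the character swaps and the sample senders are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains the reader really deals with (constructed sample list).
TRUSTED = {"microsoft.com", "dropbox.com", "google.com"}

# Common digit-for-letter swaps (constructed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Normalise look-alike characters so micr0soft.com == microsoft.com."""
    d = domain.lower().translate(SWAPS)
    return d.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a From: value."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    for good in sorted(trusted):
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in sorted(trusted):
        # Trusted name used as a prefix of someone else's domain.
        if domain.startswith(good + "."):
            return f"lookalike of {good}"
        # Identical once swaps are undone, or a single typo away.
        if edit_distance(skeleton(domain), skeleton(good)) <= 1:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    for header in ("Microsoft Support <help@micr0soft.com>",  # constructed samples
                   "billing@microsoft.com",
                   "Dropbox <share@dropbx.com>",
                   "newsletter@example.org"):
        print(f"{header!r:45} -> {classify_sender(header)}")
```

This only looks at the domain shown in the From line; a message that forges the real domain would still be labelled "trusted", so the other tips in this list still apply.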
General Tips
- Always make sure your operating
system and applications are up to date.
- Use anti-virus software and keep it
up to date.
- Consider using tools to block ads
and suspicious sites. Many ads and ad networks can become infected and
deliver "drive-by" attacks.
- Keep backups of your important
files or whole systems. Preferably have an "offline" backup that
cannot be targeted if your computer is compromised.
For more information, you can also visit the Canadian Centre for Cyber Security's page on spotting
malicious email messages.