(Updated June 2022)
The answer to this question is a definite YES! Phishing is a leading cause of cyber-attacks throughout Maryland, Virginia, and DC, so it's not surprising that the CompTIA Security+ certification pays particular attention to this system vulnerability. But what is phishing, why is it a problem, and how is phishing covered in the Security+ exam? Let's explore!
What is Phishing?
Phishing is the fraudulent practice of sending emails while impersonating reputable companies in order to induce individuals to reveal personal or company information, including passwords, credit card numbers, and other sensitive details. This cybercrime has become more prevalent over time, with the first reports of phishing dating back to 1996.
Although phishing is most often carried out over email, it can take other forms, including fraudulent phone calls, text messages, and messages on social media platforms such as Instagram, Twitter, LinkedIn, and others.
With reports of phishing growing steadily each year, consumers need to understand the concept in order to avoid falling victim. This discussion and a general knowledge of phishing will help both organizations and individuals keep their information secure.
Why is Phishing Important to Know About?
With the rapid rise of cybercrime, consumers must stay aware of phishing and the damage it can do. Without this knowledge and awareness, consumers are more likely to fall for the traps that creative hackers set.
A clear example of such a trap is the phishing attack on Baltimore City, MD, which happened in February of this year, 2022. In this attack, Baltimore City lost about $375K to the hacker and is now working to recover the funds. The hacker got in by posing as a vendor with municipal contracts.
While disguised, the hacker was able to correspond with multiple municipal employees undetected, using a tainted email address. The hacker posed as several people, including the vendor's chief financial officer, and went so far as to speak to the Department of Finance about the transaction. Meanwhile, the hacker moved the funds three times through three different banks, gaining additional funds along the way and withdrawing the final sum at the last bank.
The main reason the hacker got in was that municipal employees had no list of authorized signatories for vendors to check against, which allowed the hackers to pose as one of them.
In the aftermath, the Director of the Department of Finance said that the office will continue to review its protocols and "has immediately strengthened internal protocols." Altogether, this attack could have been entirely avoided had the employees and departments been more aware of what phishing can look like.
Common Ways To Detect Phishing
The Email Was Sent From a Public Domain:
One of the most apparent signs that an unexpected email is a scam is that it was sent from a public domain. A legitimate business or company will usually have its own domain name. For example, a genuine email from Apple will end in @apple.com, making it clear who is sending it. If a business contacts you from an address that does not use its own domain, you don't need to worry yet, but there is a further check to make.
The next step is to check whether the email's sender matches their apparent domain name. If they match, the email was most likely sent by that person or company. However, if the apparent sender and the domain name are not associated with one another, it is a clear sign of a scam email and a hacker's attempt at phishing.
Along with this, an email from someone using a public domain name such as @gmail.com can also indicate a potential scam. Altogether, consumers should check the sender and domain name of every email that comes into their inbox, especially before clicking on anything within it.
Includes Infected Links or Suspicious Attachments:
Most phishing emails contain two things: infected links and suspicious attachments. These are two of the most common tools hackers use to catch consumers in a scam. Both are considered a "payload." The payload, whether link or attachment, is what the hacker uses to capture confidential information from the consumer's system or network.
Some people may be tempted to simply click the link to see where it goes, but this is not a good approach either. Most of the time, clicking leads to a completely bogus site. You may then close the site and think nothing happened, when in reality the hacker has already made their way into your network.
When dealing with infected links, it is always best to determine whether the destination address matches the context or message of the email. If it does not match or does not make sense, chances are it is a scam. Consumers can also check a link's destination before clicking on it by simply hovering over it, which displays a preview of where the link leads.
If the destination looks legitimate, it is probably not a scam. However, most of the time these links lead to a meaningless site that is not the real one, and if that is the case, it is most likely a scam. A good rule of thumb is to refrain from clicking on links within an email until you have verified both the identity of the sender and the content of the message.
Suspicious attachments are a similar but more complex problem. Once a person downloads the bogus attachment, it opens what appears to be a harmless document but actually contains malware, software used by hackers to disrupt, damage, or gain unauthorized access to a computer system.
Once it is downloaded, the hacker has full access to your system and network, giving them free rein to take whatever information they please without your knowledge. Altogether, when it comes to suspicious attachments, it is again highly recommended to refrain from opening them until you can verify that they come from a legitimate party or sender.
It is also advised to watch for security warnings from your computer that may pop up before or while you try to open an attachment. These warnings can save you immensely, as they help protect your information and alert you when something is suspicious.
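The sender-domain check and the link-destination check described in the two sections above, written out as a small Python script and run over a constructed sample message. This is an added example, not code from the original article; the sample addresses, the lookalike domain and the short PUBLIC_DOMAINS list are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Free webmail domains a company would not normally send from (short, illustrative list).
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}

def registered_domain(host):
    # Crude 'apple.com' from 'mail.apple.com'; a production tool would use the public suffix list.
    parts = (host or "").lower().split(".")
    return ".".join(parts[-2:])

def phishing_indicators(raw_email, claimed_domain):
    """Apply the article's sender and link checks; claimed_domain is who the message appears to come from."""
    msg = message_from_string(raw_email)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(addr.rpartition("@")[2])
    if sender_domain in PUBLIC_DOMAINS:
        findings.append(f"sender uses public domain {sender_domain}")
    if sender_domain != claimed_domain:
        findings.append(f"display name '{name}' but sender domain is {sender_domain}")
    # Assumes a single-part HTML body; the regex is enough for a demonstration, not a full HTML parser.
    body = msg.get_payload(decode=True).decode("utf-8", errors="replace")
    for href, text in re.findall(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', body, re.I | re.S):
        target = registered_domain(urlparse(href).hostname)
        text = re.sub(r"<[^>]+>", "", text).strip()  # drop nested tags, keep visible text
        if re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I):
            shown = registered_domain(urlparse(text if "://" in text else "//" + text).hostname)
            if shown != target:  # what the reader sees and where the link really goes disagree
                findings.append(f"link text shows {shown} but points to {target}")
                continue
        if target != claimed_domain:
            findings.append(f"link points to {target}, not {claimed_domain}")
    return findings

# Constructed sample: a lookalike message pretending to come from Apple.
SAMPLE_EMAIL = """\
From: Apple Support <apple.support.team@gmail.com>
Subject: Your account has been locked
Content-Type: text/html; charset=utf-8

<p>Please <a href="http://apple-id-verify.example.net/login">verify your account</a>.</p>
<p>Or visit <a href="http://apple-id-verify.example.net/login">https://www.apple.com/account</a></p>
"""
if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL, "apple.com"):
        print("-", finding)
```

The second link is the case the article describes: the visible text reads like the real site while the hover-over destination is somewhere else entirely.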
Misspelled or Grammatically Incorrect Message:
The final sign of a phishing scam is the content of the email's message itself. If you see blatant typos or misspellings, steer clear and do not engage. Hackers commonly send hundreds of emails a day, hoping to catch at least one person in their scam, so the content of their messages is often lacking in grammar, mechanics, or spelling. Although most hackers come from non-English-speaking countries, they often use a spell-check service when crafting these scam emails to make them more convincing. This makes checking the content of the message critically important, as it can provide clear indications of a scam.
Common Questions to Think About When Trying to Detect a Potential Scam
Below are some questions to ask yourself whenever you are trying to determine whether a message is fraudulent. Ask them each time to keep your information and systems safe!
- Is the mistake a typical typo (like hitting an adjacent key) or a common misspelling?
- Is it a mistake a native speaker wouldn't make (grammatical incoherence, words used in the wrong context)?
- Is this email a template that should have been crafted and copy-edited?
- Is the message consistent with the previous ones you've received from this person or the sender's address?
Methods To Avoid Scams & Phishing:
- Protect your computer with security software, set to update automatically so that new security threats are handled as they emerge.
- Protect your accounts with multi-factor authentication. This extra layer forces you to provide two different credentials to log in, usually drawn from two different factor types (for example, a passcode or password plus a fingerprint or facial scan).
- Protect your home network by backing up your data regularly. Make sure the backups are not connected to your home network: copy your computer files to an external hard drive or to cloud storage.
What Aspects of Phishing are Covered in the Security+ Course?
Within the CompTIA Security+ Course, available here in Greenbelt, MD, at TrainACE, students will gain an in-depth understanding of phishing and how it relates to cybersecurity.
The first module of the course covers the kinds of phishing, what scams typically look like, and the steps to take if a scam has already succeeded. Students also learn about indicators of compromise within their systems, covering subjects such as malware types, phishing, spyware, security policy, and more!
Lastly, in the incident response section, students learn the proper procedures for handling a scam in its aftermath and the steps for recovery. Although it may seem a small part of the Security+ course, phishing is one of the key elements taught in the class, as understanding it helps to secure and protect your network from security threats.
To gain this in-depth understanding of phishing and learn these broad cybersecurity concepts, reach out to us at (301) 220-2802 to schedule a consultation, or check out the Security+ Class page for more information.