Gone Phishin': What to Watch for and How to Keep from Being a "Big Phish"

Have you heard of phishing? And no, I don’t mean casting a hook into water with high hopes of landing the mother of all fish to brag about to friends. Although, this isn’t far from what happens in the social engineering techniques employed to deceive users... Which hacker can obtain the greatest amount of information by exploiting your weakness?

Let’s examine a couple types of phishing. 

Spear phishing  

Spear phishing is an attempt by the hacker to target specific individuals. These anglers are after access to company information. They might do research on you to add details that personalize the email and increase the success rate. For example: that recent vacation you took to the Bahamas was certainly brag-worthy. However, your extensive posting on Facebook without locking down your profile means this hacker just gained the perfect in by mentioning your penchant for body surfing your way across the globe. “They must know me, that’s such personal information!” Don’t fall for it. 

CEO fraud or “Whaling” 

CEO fraud has been on the rise lately. This is where the email recipient receives an email from the CEO of their company. (Who wouldn’t open that, right?) The domain of the email has been spoofed to look like it came from your organization. The hacker might even add details that have been researched about the CEO to make the email more believable or send the email at a time that you know the CEO is out of the office. And, just like that, you’re caught... hook, line, and sinker. 

What to watch for 

Ever received an email that's probably “too good to be true”? Chances are, it is. Be suspicious of emails claiming you’ve won a free cruise or an iPad and use caution before clicking on links or providing your credentials.  

Remember that email from your boss telling you how urgent it is that you get back to them? Or how urgent it is that you provide passwords or wire money to an account? Your organization should establish guidelines as to what information should be sent or requested via email. If something is urgent or sensitive, meet face to face or over the phone. And always have a way to verify the validity of a request. 

  • Check your hyperlinks.  

If you get an email from your financial institution that looks suspicious, hover over the buttons and links to make sure they are going to where they should. Check for off spellings in words or URLs that don’t match the website. 

  • Verify attachments.  

If you receive an attachment from someone you weren’t expecting, use caution before opening it. Attachments could easily contain an executable file that could infect your computer with a virus or ransomware.  

  • Verify the sender of an email.  

If you have never received an email from someone before, and now they’re asking you to download files or provide information, run through the checklist to verify if the email seems safe. Are the links legitimate? Are they asking for information they should receive? Does the attachment apply to the situation? 

There are so many hacking and phishing techniques out there and the threat continues to grow. We can all take part in protecting ourselves and our organization by using caution and validating anything we are uncertain of. I highly recommend your organization create a process for reporting phishing emails to your email provider and invest in a high-quality email security service. It’s the data security equivalent of wearing your lifejacket on a fishing boat.

Stay safe out there, don’t take the bait.  

About the Author

A passion to help people and a drive to support sustainable business growth fuels Cory Brester’s commitment to continual improvement. As the Director of CRM and Information Systems for Foundant Technologies, Cory supports a fast-growing team focused on maximizing the philanthropic community. As a software solution provider for grantmakers, grantseekers, scholarship providers, and community foundations, Foundant is tasked with supporting the infrastructure of philanthropic programs everywhere; in order to be successful at this, Foundant needs a reliable infrastructure of its own. Cory manages Foundant’s internal corporate IT infrastructure and systems as well as leads the company initiatives on cybersecurity. Since starting at Foundant in 2011, Cory has spent much of his efforts planning and developing efficiencies and systems to support Foundant’s growth. His 8-year history with Foundant has allowed him to participate in sales and support - providing the internal experience necessary to provide a framework and continuity to information system processes and data integrity. Outside of his daily management work, Cory also enjoys sharing his cybersecurity knowledge through Foundant education resources, such as blogs and hosted webinars. Cory came to Bozeman from the agricultural community of Laurel, MT to pursue degrees in Finance and Accounting at Montana State University.