How did this happen? This is the first question we're asked when helping a customer through an online account breach or other cybersecurity incident. It is the natural question to ask, but we rarely have a good answer for it.
In the IT security community, working out who was behind an attack is known as attribution. Attribution is very hard to establish against even a moderately sophisticated perpetrator, and for a single account compromise the evidence is usually too thin to name anyone. What we can do is step back and look at the tactics attackers generally use, because those are far more predictable than the people behind them.
What is Phishing?
Recent studies put phishing at the start of anywhere from 60-90% of cyberattacks, depending on the study and how it counts. What is it? At its simplest, a fake email: a message that impersonates a sender you trust in order to get you to hand over credentials or open something you shouldn't. Done with attention to detail, it is highly effective. Here's an example. You wake up to an email notification from Facebook or Google telling you that someone tried to access your account and that you should change your password. The email looks identical to the legitimate one, and since you're now in a panic that someone is in your account, you follow the link it provides and enter your email address and password on the sign-in page it lands on. That page is the attacker's copy of the real one, and the moment you submit the form, you've been phished.
How Do I Avoid It?
The most common advice is to check the sender's email address and the website address before entering sensitive information. That advice is well-meaning but somewhat oblivious to how we actually use technology. Are you really going to check this every time you get a Facebook notification? That's simply not going to happen. It is also harder than it sounds: the sender's display name and the clickable text of a link are both chosen by whoever sent the message, so an email can say "Facebook Security" and "facebook.com" while the actual address and the link target point somewhere else entirely. The habit that works best is simply never using the buttons or links in emails that ask for information or an account login. You need me to reset my Facebook password? OK, I'll open a new window or tab and go to Facebook.com myself. If the alert was genuine, the same notice will be waiting for me there; if it wasn't, I've lost nothing.
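To make the "check the address" point concrete, here is an added example (not code from the original post) in Python that does the check mechanically on a constructed sample message: it compares the sender's display name with the real sender domain, and each link's visible text with the domain the link actually goes to. The sample email, the `TRUSTED_DOMAINS` list and the two-label `registrable_domain` heuristic are assumptions made for the example; a real tool would use a public-suffix list.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for this example (not a real phishing email).
# The display name and the link text both say Facebook; the real sender
# address and the real link target do not.
SAMPLE_EML = """\
From: "Facebook Security" <alerts@facebook-account-review.com>
To: victim@example.com
Subject: Someone tried to log in to your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We noticed a new login from an unrecognized device.</p>
<p>Please <a href="http://facebook.com.login-verify.example/reset">reset your password at facebook.com</a> now.</p>
<p>Help: <a href="https://www.facebook.com/help">https://www.facebook.com/help</a></p>
</body></html>
"""

# Assumption for the example: the brands whose notifications we expect to receive.
TRUSTED_DOMAINS = {"facebook.com", "google.com"}


def registrable_domain(host):
    """Crude 'last two labels' approximation of the registrable domain.
    Assumption: no public-suffix list, so co.uk-style suffixes are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_message(raw):
    """Return a list of human-readable findings where what the reader sees
    (display name, link text) disagrees with where the mail or link really comes from."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Sender display name versus the actual address domain.
    sender = msg["From"].addresses[0]
    sender_domain = registrable_domain(sender.domain)
    display = sender.display_name.lower()
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in display and sender_domain != trusted:
            findings.append(
                f"sender display name mentions {brand} but address domain is {sender_domain}")

    # 2. Visible link text (and look-alike subdomains) versus the real link target.
    body = msg.get_body(preferencelist=("html",)).get_content()
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        target = registrable_domain(host)
        for trusted in TRUSTED_DOMAINS:
            if trusted in text.lower() and target != trusted:
                findings.append(f"link text mentions {trusted} but target is {target}")
            if trusted in host and target != trusted:
                findings.append(
                    f"link host {host} embeds {trusted} but registrable domain is {target}")
    return findings


if __name__ == "__main__":
    for finding in analyze_message(SAMPLE_EML):
        print("SUSPICIOUS:", finding)
```

On the sample, the genuine help link passes and the reset link is flagged twice: once because its visible text names facebook.com while it resolves elsewhere, and once because `facebook.com` appears only as a subdomain of an unrelated registrable domain. The sender is flagged separately because the display name says Facebook while the address does not. Everything the script had to parse to reach that verdict is exactly what a reader skipping straight to the "reset password" button never looks at, which is why navigating to the site yourself is the more reliable habit.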