How to Protect Yourself from a Phishing Attack

The hardest part of using a computer today is security and protecting yourself/business from being hacked. Back in the day, the hardest part of using a computer was learning how to use it. I started computing before Windows 3.0 so had to learn DOS and while that knowledge has always benefited me, it was not easy. Today with modern Windows, anybody can logon, run apps or a browser and use a computer in basic ways. To help protect myself, I have MFA (Multi-Factor Authentication) enabled on every online account that will allow it including email, Facebook, Twitter, etc. but it is still possible to get hacked just by clicking on a link in email or a malicious website which is known as Phishing. A few years ago, it was easy to spot a phishing email even for a novice user if they were paying attention. The emails would be poorly formatted, have bad grammar, or expose the link that was clearly not from your bank. As time goes by, the bad guys are getting smarter and now days that phishing emails look more legit and you actually have to study it to determine if it’s real or not. Even worse, they have elevated their game by using social engineering to make it look like the email is coming from a trusted source or better yet, using a compromised account and the email IS coming from a trusted source!

Recently a friend of mine received two emails, a week a part from the below addresses which appear to be from me, he is fairly technical so he recognized the address was not my normal one and checked with me. Here the bad guys have somehow figured out that we are friends and are trying to use that to get their phishing link clicked on.

From: George Scott [george.scott241@zeus.eonet.ne.jp]
From: George Scott [george.scott536@terra.com.br]

Microsoft has software available to help protect against this called Advance Threat Protection (ATP) but still it’s possible for the bad guys to get through it as they evolve and get smarter. Planet has worked with Microsoft to come up with solutions that tie ATP to other cloud security solutions from Microsoft to actually track a user’s behavior and very quickly learn if that user has been compromised. The user account can then be reset and kicked off the network, requiring additional security like MFA to log back on. In December, my team leader Bob Ballard did a webinar that covers this solution and other security topics, if interested, please view it here.

Planet Technologies is available to help with each of these resources and has specific offerings that can make implementing them more efficient. Please contact us to discuss. Follow us on Twitter at @PlanetCloudStrt.