As I tend to state... not all risks are so obvious and not all things that appear risky actually are, so it pays to look for signs that something isn't quite right before going in. Having been a target of phishing this week, with frankly some pretty strong camouflage techniques except for three signals, I figured I'd share some thoughts on cyber risk from a semi-informed perspective.
Phishing, as defined by the Oxford dictionary, is "the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers".
My informal definition: professional electronic camouflagers who excel at the art of communication imitation to the detriment of the prey (you and me).
My experience involves receiving an email that reflected, or seemed to reflect, the actual email address of the person letter for letter, appeared further legitimate based on the company signature line format, and, given the frequent use of secure message systems within business to "securely" deliver information, didn't immediately raise flags. What did raise flags:
1) the personal contact and I hadn't touched base recently on business and there was no apparent reason for them to send me a secure message; however, we had corresponded in the past 90 days, so it was possible they needed input.
2) the message asked for me to respond within a timeline of two days. Not immediate, but still a flag.
3) the "secure system" further asked me to authenticate myself by inputting my email AND password - BIG RED FLAG!
This last flag caused me to quickly reverse course and reach out to my colleague. First, I sent an email to their address indicating I'd be happy to review if they would do so by putting the file in a shared location. No response... another flag. Next approach: reached out via another channel (in this case LinkedIn) to check validity, and confirmed it was not authentic and was in fact a phishing attempt.
Cyber attacks happen ALL THE TIME and techniques for engaging in them change frequently. You can prepare by: having cyber security software installed and updated, having spam filters set up effectively, understanding techniques being used to attack, etc.; but you still need to be alert for flags. I am not a cyber expert and so my tips are instead going to be two links to references for you to learn more.
Good practices are critical to prevention, and if you are a business owner/leader, you should know cyber is increasingly an insurable exposure for most businesses. Importantly, along with the insurance protection, carriers often provide information and services to help you more effectively assess and manage risks.
Make sure you are covering all bases as cyber can be crippling if not addressed.