York Solutions Thought Leadership

York Solutions ITL Meeting Recap: Phishing 3.0

Written by yorksolutions | Oct 8, 2018 4:24:35 PM

At the most recent Think IT Leadership group meeting we had an intriguing discussion on Phishing 3.0.  I want to take a minute to thank Brian Greenberg for leading the meeting, and Genesys Works and Elkay for hosting.

Phishing 3.0 is nothing you want to ignore.  Phishing is a fraudulent act of gaining private information, such as credit card numbers, personal identification and account usernames, and passwords.  One of the main ways to compromise your information is through a fake email.  They want to trick you into providing your username, password, and credit card details.  An email may state that you need to re-set your CC password, but the end result will be you providing them with your information, falling victim to a phishing attack.  Another way to get your information is through false website advertisements.  This could be something along the lines of winning a free Starbucks GC if you complete the survey.  In return, you are providing them with all your information and again falling victim to an attack.  Lastly, by click on any of this information, you can cause a virus on your computer. This will lead them to all your personal and private information, yet again, falling victim to phishing.

Brian pointed out a few tricks phishing can get you.  These names are as follows:

Forward Payment Scams (so-called Nigerian scams)

Type #1: Typo-squatting: espn.cm, aol.cm, itunes.cm, qooqle.com, gooogle.com

Type #2: Same Script Spoofing: rn = m, 0 = O, I = 1

Mixed Script Spoofing or Homographs: (International Domain Names)

Latin small letter ‘o’ (U+006F) can be confused with Cyrillic small letter ‘o’ (U+043E)

What can we do to prevent ourselves from falling victim to a phishing attack?  Mark Las stated, “Your company needs to have advance firewalls in place and phishing campaign training.”  Roman Dusiak stated, “companies can also put in email filtering software to help with credit card fraud.”  You can also invest in Rec Tech that will block the email before entering your email.  Companies can also use their firewall, an email filtering system, mind cast and help their employees catch a phishing attack by clicking on the phishing block before opening the email.

Phishing is nothing to mess around with.  We all need to be aware of the many ways we can fall victim to a phishing attack.  We appreciate all that attended the meeting.  If you were unable to attend, please visit the attached slides.  We hope to see you at the next meeting.