by Leo Cronin, Cincinnati Bell Chief Security Officer
Note: links in this article have been verified to be secure
Cyber criminals often look to capitalize on the confusion surrounding national events and crises, so 2020 has pretty much been their dream come true.
A recent report published by Check Point revealed that phishing attempts related to COVID-19 increased from under 5,000 in February to more than 200,000 in late April. Add to the ongoing pandemic a hotly contested election and the upcoming holiday season, and we are likely to see a high rate of cyber attacks and phishing attempts throughout the rest of the year.
According to CSO magazine, phishing attacks account for more than 80% of reported security incidents. Phishing attacks use email or malicious websites to coax recipients into revealing personal and/or financial information, or infect your machine with malware and viruses.
While all major email providers have security measures in place to prevent suspected phishing emails, cyber criminals continue to find new ways to disguise their intentions and slip through the cracks. As a result, common sense and a trained eye are still the best defenses against falling victim to a phishing scam.
Here’s are some common warning signs to look for if you suspect a phishing email:
- The sender's email address
Cyber criminals take drastic measures to make their emails look legitimate. They know one of the first things a recipient looks at when opening an email is who it's from so they try to replicate familiar addresses. Often these addresses include a slight misspelling that can be overlooked if you don't pay close attention.
- It asks you to do something that seems out of the ordinary
Trust your gut. If an email is asking you to do something that seems out of the ordinary, treat the message as suspicious. Confirm with the source that the message is legitimate before clicking on any links or responding with personal information.
- Contains typos
Many phishing attempts originate from foreign hackers for whom English is a second language. As a result, many phishing emails contain typos, misspellings and clumsy wording.
- Asks for login credentials or personal information
No reputable company will ever send you an email asking you for your password, credit card number, bank account information, or other personal information. A request to send this type of information via email is a strong sign of a phishing attempt.
- Makes a threat or promises extraordinary rewards
Cyber criminals want you to react to their emails quickly before you have time to recognize the red flags. They will often include an element of urgency or consequence in their messages to motivate you to respond quickly and distract you from considering its legitimacy.
- Contains masked links
The goal of many phishing emails is to get you to click on a link that will begin the installation of malware on your computer. If you ever have concerns about the legitimacy of an email, you can place your cursor over any hyperlinked text to see exactly what URL it will open. If the URL that is shown does not appear to fit with the hyperlinked text, it is likely a phishing scam.
What to do if you receive a suspected phishing attempt
If you receive an email you believe to be a phishing attempt, here’s what you should and shouldn’t do:
- DO NOT click any links or attachments, or provide the sender with any information as the security of your hardware and information could be compromised.
- Mark the email as spam. If you are using the Cincinnati Bell web-based email client (webmail2.cincinnatibell.net), you can click the Spam button that is available at the top of the screen. If you are using a mobile device, or another email client, select “Report as spam/junk” (or similarly named option). This will remove the email from your inbox and enable us to better identify and filter spam messages in the future.
If you responded to a suspected phishing email and believe your personal information (login credentials, Social Security number, financial information) has been compromised, or if you have clicked the link and/or already provided any information, you should scan your device for malware using your anti-virus/malware program. If you don't have anti-virus/malware program see the section below about Cincinnati Bell's Premier Internet offering. Also, change the passwords for any accounts you have logged into since clicking the link. Then visit IdentityTheft.gov to see what steps you should take depending on what information may have been exposed.
Additional tips to consider
Limit the reuse of passwords - Scammers will reuse passwords they compromise or obtain through the dark web to attempt additional fraud or data theft. You should pick a strong password for your Cincinnati Bell email account and not reuse it on other websites. Strong passwords should be at least 8 characters and contain upper and lower case alphabetic characters, numbers and special characters.
Ensure your mobile device is using e-mail encryption – To ensure your Cincinnati Bell email account is secure on your mobile device make sure encryption is enabled. You can easily enable encryption on your mobile device by checking the server settings in your mobile email client. If no security type or option is selected, enable TLS (accept all certificates).
Get an added layer of protection with Premier
Cincinnati Bell’s Premier internet bundle includes enhanced internet security protections. Cincinnati Bell has partnered with cyber security leader F-Secure to provide award-winning protection for your smartphones, tablets and computers. Upgrade to Premier today to take advantage of features such as:
- Family Rules to manage your children's online activity
- Secure financial transactions when banking or shopping online
- Browsing protection that automatically blocks known malicious IP addresses
- Password manager to safely store all your usernames and passwords
How to Recognize & Prevent Phone Scams [blog]