{"id":1218,"date":"2018-01-09T15:31:09","date_gmt":"2018-01-09T19:31:09","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=1218"},"modified":"2018-02-23T11:31:47","modified_gmt":"2018-02-23T15:31:47","slug":"phishing-stay-safe","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/phishing-stay-safe\/","title":{"rendered":"Phishing: How to Stay Safe with Digital Hygiene Best Practices"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1220 size-full\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/phishing-mod.jpg\" alt=\"phishing digital hygiene\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/phishing-mod.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/phishing-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/phishing-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/phishing-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/phishing-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/phishing-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This weekend in the <\/span><a href=\"https:\/\/solutionsreview.com\/endpoint-security\/hacks-attacks-counters-cybersecurity-news-jan-8-2018\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">InfoSec headlines<\/span><\/a><span style=\"font-weight: 400\"> we noticed a common theme: the proliferation and success of phishing and spearphishing campaigns across the globe. 
These headlines speak to a common misconception about insider threats. Popular imagination holds that insider threats are conducted by malicious ex-employees, disgruntled and deliberately seeking to ruin their former employers. Although those kinds of actors do exist and are a threat, the vast majority of insider threats come from everyday employees acting negligently or ignorantly. But make no mistake: an insider threat from human error can be just as damaging as one from a malicious actor. And phishing is the best way for hackers to take advantage of human error.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">According to a recent <\/span><a href=\"https:\/\/www.forbes.com\/sites\/forbesagencycouncil\/2018\/01\/02\/why-your-employees-might-be-the-biggest-threat-to-your-growing-business-and-what-to-do-about-it\/#454fd1376748\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">Forbes article<\/span><\/a><span style=\"font-weight: 400\">, 9 out of 10 InfoSec professionals feel their enterprise is vulnerable to an insider attack, and half of them have already suffered such an attack in the past year. 
According to <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/top-6-siem-vendors-watch-2018\/\" target=\"_blank\" rel=\"noopener\">SIEM<\/a> vendor <\/span><a href=\"https:\/\/blog.barkly.com\/5-tips-keeping-users-safe-from-spear-phishing\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">Barkly<\/span><\/a><span style=\"font-weight: 400\">, the average phishing attack costs the victim enterprise $300,000.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Therefore, we\u2019ve decided to break down phishing tactics and share the hygiene policies that can help keep your credentials and data safe. <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>What is Phishing? <\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Phishing is the umbrella term for hacking tactics that aim to deceive users into handing over their information willingly. The most well-known phishing tactic is to send an email or direct message posing as a trusted institution such as a bank or even as the IT department of your enterprise. This spoofed message will ask the user to verify their account information, providing a link to do so. If the user clicks on the link, they will be taken to a website designed to imitate the legitimate website down to the proper logo, style, and names of legitimate employees. The user will be prompted to input their credentials or information into this site, allowing the hacker to steal it with little effort. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The most common variation of phishing is spearphishing\u2014a phishing tactic that tries to deceive a user directly rather than sending out a more generic, mass message. Spearphishing messages will reference user information to make their request seem more legitimate. For example, a spearphishing email posing as your IT department might reference your recent company outing. 
The details of these false messages will always be publicly available\u2014pictures of your company outing may have appeared on your blog, as per the example above\u2014but will often be enough to lull users into a false sense of security. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The good news is that tactics that counter phishing attempts can counter spearphishing too. All it takes is to educate your employees and privileged users in some common-sense digital hygiene practices. <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Watch for Unusual Errors<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The most common sign of phishing is poor writing. No institution and no writer is perfect 100% of the time, even the most distinguished institution. However, users should be on alert for messages from banks, websites, or their IT departments that have persistent spelling errors, stilted language, or grammatical and punctuation errors. This is often a sign that a hacker for whom English is not a first language is trying to pose as the legitimate party (a far more common occurrence than may be expected). Your employees should read all of their emails carefully, and should not respond to emails with these kinds of errors. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">These errors will also extend to the spoofed website, so employees should keep a sharp eye out there as well. <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Never Trust a Link<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Phishing attempts hinge on their links; some of the links lead to the credential-stealing spoofed sites and other links instantly download malware when clicked to start taking advantage of your network\u2019s security holes. 
In every instance, the link will be spoofed to look legitimate (although some of them may have spelling errors in them as well). You should train your employees and users to never go to websites via emailed links; they should instead type URLs into the browser address bar or use bookmarks to legitimate sites to navigate.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">You can also hover over a link to see where it will take you\u2014while these can also be spoofed, it is much harder to do. Employees should watch to see if the link will actually take them to where the link states it will, and not click on links that don\u2019t match up. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Additionally, any legitimate institution, social media site, or website will have https in front of their address and the closed lock icon next to the URL. This is a signal that the connection to the site is encrypted. If a seemingly legitimate website does not have https or a closed lock symbol, employees should not trust it. The reverse does not hold, however: spoofed sites can also use https, so the lock alone does not prove a site is legitimate. <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Unusual Requests, Be Warned<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The best rule of thumb in preventing phishing techniques is that banks, social media platform providers, HR departments, etc., will <\/span><i><span style=\"font-weight: 400\">never<\/span><\/i><span style=\"font-weight: 400\"> ask for a user\u2019s password or personal information over email, direct message, or text message. Nor will any such institution send an unsolicited gift, especially not one that requires a login or verification to obtain. In fact, no credible website will do this. Such emails should be deleted instantly. If your employee is truly in doubt, they should contact the institution in question directly over the phone. 
<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Make Sure Your Privileged Users Are Also Trained<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Privileged users are not immune to phishing tactics. Indeed, hackers desire their credentials above all, and will try to deceive them into compromising the network. But while the target may change (in these cases the campaigns are called whale phishing), and the spoofed sites may be different, the overall tactics do not. Make sure they are also aware of best practices in digital hygiene, and keep them from getting arrogant about their privileges.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This weekend in the InfoSec headlines we noticed a common theme: the proliferation and success of phishing and spearphishing campaigns across the globe. These headlines speak to a common misconception about insider threats. Popular imagination holds that insider threats are conducted by malicious ex-employees, disgruntled and deliberately seeking to ruin their former employers. 
Although those [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":1220,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1,3],"tags":[95,145,112,86,21,22],"acf":[],"yoast_head_json":{"title":"Phishing: How to Stay Safe with Digital Hygiene Practices","description":"We\u2019ve decided to break down phishing tactics and share the hygiene policies that can help keep your credentials and data safe.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/phishing-stay-safe\/","og_locale":"en_US","og_type":"article","og_title":"Phishing: How to Stay Safe with Digital Hygiene Practices","og_description":"We\u2019ve decided to break down phishing tactics and share the hygiene policies that can help keep your credentials and data safe.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/phishing-stay-safe\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","article_published_time":"2018-01-09T19:31:09+00:00","article_modified_time":"2018-02-23T15:31:47+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/phishing-mod.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/phishing-stay-safe\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/phishing-stay-safe\/","name":"Phishing: How to Stay Safe with Digital Hygiene Practices","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/phishing-stay-safe\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/phishing-stay-safe\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/phishing-mod.jpg","datePublished":"2018-01-09T19:31:09+00:00","dateModified":"2018-02-23T15:31:47+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"We\u2019ve decided to break down phishing tactics and share the hygiene policies that can help keep your credentials and data safe.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/phishing-stay-safe\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/phishing-stay-safe\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/phishing-stay-safe\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/phishing-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/phishing-mod.jpg","width":800,"height":400,"caption":"Barracuda Networks: The Gift Card Phishing 
Scam"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/phishing-stay-safe\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"Phishing: How to Stay Safe with Digital Hygiene Best Practices"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","description":"Buyer&#039;s Guide and Best Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1218"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=1218"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1218\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/1220"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=1218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=1218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=1218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}