Unmasking Phishing Threats
Exciting News! We are launching our Tech Tuesday newsletter at CIM. I thought it would be fitting to start with one of the greatest technology breakthroughs, Artificial Intelligence (AI). Stay tuned for that, as I’ve had to pivot due to an increase in ministries suffering from phishing attacks.
Every day, it seems like another company has suffered a data breach. It doesn’t matter how small or large the company is, or how sophisticated their IT department is; they all suffer from the same weakest link: the person at the keyboard. If you dig a little bit deeper into the announcements, too often the breach is caused by one of two things: phishing or social engineering.
In this newsletter, I want to explore what phishing is and how we can prevent it. According to SentinelOne, a leading security software provider, phishing attacks have increased by 1,265%, primarily driven by the growth of Generative AI (stay tuned for more on AI in upcoming newsletters). I can attest to this since I’ve seen three organizations suffer from attacks in the last couple of weeks. So, what is phishing? Is it a misspelling? Phishing involves using emails or, more frequently, text messages (smishing) designed to bait individuals into clicking a link and providing sensitive information or downloading malicious software (malware).
Two to three years ago, it was much easier to spot phishing emails. The English was usually poor, and the design was inaccurate. However, with the rise of AI, that is no longer the case. Now emails are taking on a more authentic appearance, making them much more difficult to distinguish from legitimate messages. So then, how do we spot them?
Tip #1 is to know the people you work with and their communication habits. If they don’t have a reason to send you a file or link to a OneNote, why are they now? If they don’t work in HR, why are they asking for employee information? If your pastor or boss has never asked for Amazon gift cards, why all of a sudden? I relate it to raising kids or being in a relationship. If my kids or spouse do something out of character, I’m going to question what is going on.

Tip #2 is to look for anomalies. If a link was sent and you hover your mouse over it, does it go to a recognizable place? If you accidentally clicked on the link and it is asking for your username and password, why? Aren’t you already logged into the system?
Tip #3 is, if you suspect anything, contact the person by other means. Send a Teams message, write a separate email or pick up the phone. Better to take the extra moment to confirm what is going on than to spend the hours, if not days, of cleanup that is often required afterwards.
In IT, there is a security model called ‘Zero Trust,’ which assumes no user, device, or network is inherently trustworthy and requires continuous verification. Unfortunately, with the rapid increase in phishing and the use of AI, it is a mindset we must adopt when it comes to email and texting. If you would like a more secure way to communicate with your co-workers, stay tuned for an introduction to Microsoft Teams.
Jonathan Meester – Computers in Ministry

