Our Cybersecurity Risk Team is honoring Cybersecurity Awareness Month in October with information and tips to raise awareness about the importance of protecting data and staying safe online. Although this month is set aside to heighten awareness of online predators, this information should be used EVERY day to protect the City’s data and security.
Phishing, Vishing, and Catphishing: What the difference?
Phishing, Vishing, and Catphishing are all examples of social engineering. In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. Learn the difference and how to protect yourself online.
Phishing is using email or malicious websites to solicit personal information by posing as a trustworthy organization. How to detect a phish?
- Look for a suspicious sender’s address plus generic greetings, and signatures.
- You may also see spoofed hyperlinks and websites, spelling and layout errors, or suspicious attachments.
Vishing is an approach that leverages voice communication. Voice over Internet Protocol (VoIP) easily allows caller identity (ID) to be “spoofed” or disguised. Which can take advantage of the public’s misplaced trust in the security of phone services, especially landline services. How to detect vishing?
- Be suspicious of unsolicited phone calls.
- If an unknown individual claims to be from a legitimate organization, try to verify their identity directly with the company.
- Remember: Microsoft Tech Support, Social Security, IRS and other agencies will never ask you for any form of payment over the phone.
- Never give your Multifactor Authentication generated code to anyone!
Catphishing is a form of online deception that involves using a fake identity to lure unknowing victims into a relationship with the intent of exploiting them for money or access to private data. Know the signs of Catphishing:
- They ask for anti-typical personal information / things get serious too soon.
- They cancel in-person plans last minute (perpetually)
- They speak of sudden financial difficulties
- They refuse to video chat
- Their social accounts have minimal activity
Proactive tips
- Run an image search
- Using tools such as Google reverse image search, you can enter the image URL of someone’s profile picture and see where else it’s showing up on the web.
- Ask for proof of identity
- Never open links or attachments until you have proven their identity.
For more tips and to find out more about Cybersecurity Awareness Month, visit the National Cybersecurity Alliance website.