Phight the Phish!
Cybersecurity Awareness Week 2: Phight the Phish!
As we head into the second week of Cybersecurity Awareness Month 2021, we should take some time to learn how to Phight the Phish! Cyber criminals are coming up with new ways to “phish” for your information using browser redirect hijacks and Windows notifications. “Phishing,” in the tech world, is the fraudulent practice of purporting to be from a reputable company in an attempt to induce individuals to reveal personal information, such as passwords and credit card numbers. I’ll show you how to recognize and prevent such things from happening on your end.
What is Browser Hijacking?
We use an internet browser to find and search for content. Common browsers are Chrome, Firefox, Safari and Edge. Browser hijacking occurs when unwanted software is installed on a browser and alters the ability to search for information. This can cause website redirects that open malicious websites where cyber criminals:
- Steal data such as identity, banking and passwords
- Use the video camera and microphone to spy
- Collect keyboard entries
- Display persistent (pop-up) advertising
- Run a try-before-you-buy hard sell advertisement
For example, criminals entice you to visit a website containing scripts that work with your browser to install the malware, or you click a link on such a website and malware is installed. Once this happens, your browser has been hijacked!
Should this happen to you, do not call the listed telephone number and do not provide any personal information. Most of these browser hijacking types of attacks are relatively harmless: normally you can reboot your computer or force the browser to close and the issue will go away. We suggest you scan your computer with an anti-malware tool such as Windows Defender to ensure your computer is not infected. If you are unsure of what to do, or unsure whether something is legit or safe, please contact your Computer Support Specialist.
Another phishing method is to get you to click a link that takes your browser to a website hackers have crafted to mimic a well-known site you often visit. Here, they attempt to capture critical information such as your user ID and account, password, full name, address, social security number, and even answers to security questions (mother’s maiden name, etc.). Cyber criminals then use this information to access your online accounts. This could lead to identity theft and the loss of money.
Why am I getting these ads in my notifications area?
Another popular tool cyber criminals use to phish for your information is a browser notifications plugin. You might be browsing the Internet or working on an Excel spreadsheet and notice a popup in the bottom right part of your screen saying you have viruses or malware. The images below show the difference between an ad and a valid Windows Defender notification.
Notification Ad
Valid Windows Defender message
Similar to browser redirects, these pop-up notifications are harmless; most of the time they are ads or websites trying to phish for your personal information. You can either ignore these completely or close them out, but the easiest thing to do is turn off notifications altogether from whichever browser you use.
On a PC, open your Settings window by clicking the Start button in the lower left part of your desktop and clicking on the gear icon.
Then click the System option.
Then click the Notifications & Actions option in the left menu and turn OFF the notifications for Chrome or whichever browser you are using. This should disable those ads from reappearing.
While these notification ads are targeted at Windows 10 computers, Mac users might also experience unwanted pop-ups. However, notifications on a Mac are site specific. You can prevent sites from showing you intrusive or misleading ads by changing your settings:
- Open Chrome.
- At the top right, click More > Settings.
- Under “Privacy and security,” click Site Settings > Ads.
- Choose the option you want as your default setting.
#PhightThePhish
We must all do our part in recognizing and adapting to changes in the ways online criminals can phish for our personal information. Below are a few links with more tips on how to recognize phishing and learn how to PHIGHT THE PHISH!
Be sure to contact your DASNR IT Computer Support Specialist for additional info on phishing attacks!
- https://www.cisa.gov/
- https://www.cisa.gov/cybersecurity-awareness-month
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity%20Awareness%20Month%202021%20-%20Identity%20Theft%20and%20Internet%20Scams%20Tip%20Sheet_0.pdf
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity%20Awareness%20Month%202021%20-%20Phishing%20Tip%20Sheet.pdf