The most intricate firewall in the world can be rendered useless by one of the most common hacks out there. The worst bit? Falling for it is like giving thieves the key to your house and complaining that you’ve been robbed.
A successful attack could be devastating for your clients. Think of the damage that could be done if the wrong person saw your bank statements – now think what an attacker could do with all the data your clients trust you with.
The best defense is being aware and not falling for the scam in the first place.
What is phishing?
Phishing is a type of hacking named for the age-old career and pastime – fishing. This is because functionally, the two acts are exactly the same. You put out the bait, you see what bites.
It’s a bit misleading to call phishing hacking because it requires little-to-no technical experience. It falls under the umbrella of social engineering, tricking users into providing the attacker ‘legitimate’ access to their computers.
How do I spot a phishing attack?
Chances are, you’ve already seen and avoided countless phishing attacks. That mysterious Dropbox link you received without context? That invoice from someone you’ve never done business with? Those are attempts to trick you into entering your login information on websites made to look like your everyday email, social media or bank websites.
You can always tell if it’s legitimate by looking at the sender’s email address or the link’s URL. Look for slight differences from what you’d expect in a normal URL – a common trick is swapping letters for numbers, like a ‘0’ standing in for an ‘O’.
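The check described above can be automated for sender addresses and links. The following is an added example, not part of the original article; the allowlist, the sample addresses and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains this user genuinely deals with (assumption).
TRUSTED = {"dropbox.com", "example-bank.com"}

# Digits commonly swapped in for look-alike letters. "1" can pose as "l" or "i",
# so two translation tables are tried.
SWAP_TABLES = [
    str.maketrans("01357", "olest"),
    str.maketrans("01357", "oiest"),
]

def extract_host(value):
    """Return the lower-cased host from a URL or a sender email address."""
    value = value.strip().lower()
    if "://" in value:
        return urlsplit(value).hostname or ""
    return value.rsplit("@", 1)[-1]

def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def classify(value, trusted=TRUSTED):
    """Return (verdict, matched_domain) for a sender address or link."""
    host = extract_host(value)
    for domain in trusted:
        if belongs_to(host, domain):
            return ("trusted", domain)
    # Undo the digit swaps; a match now means the raw host imitates a trusted one.
    for table in SWAP_TABLES:
        restored = host.translate(table)
        for domain in trusted:
            if belongs_to(restored, domain):
                return ("lookalike", domain)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["https://www.dropbox.com/s/abc", "https://www.dr0pbox.com/login",
                   "billing@examp1e-bank.com", "news@unrelated.example"]:
        print(sample, classify(sample))
```

A verdict of "unknown" only means the host is not on the allowlist and does not imitate it by digit swaps; it is not a sign that the message is safe.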
When in doubt, ask. If your colleague or client sends an unexpected link, just ask them if they sent it. Phishers are targeting millions of users every day, so it’s unlikely they’ll reply.
What can I do?
No firewall will stop a phishing attack, in the same way that no lock will stop someone with a key. Spam filters can stop you getting links in the first place, but attacks will always slip through, and dodgy emails should be deleted instantly.
If you’ve fallen for this scam, change your passwords immediately; you may also need to investigate whether any important data was accessed. On that note, avoid obvious passwords. Almost 1500 Western Australian government employees used Password123 to guard their accounts; they may as well not have passwords at all. Even your birth year is risky: chances are it starts with ‘19’, and it’s significantly easier to guess the last two digits once you have the first two.
With a little bit of awareness, the vast majority of these attacks are blatantly obvious, but remember, it only takes a few distracted clicks to lose control of your and your clients’ data.
The opinions expressed in this content are those of the author shown, and do not necessarily represent those of No More Practice Education Pty Ltd or its related entities. All content is intended for a professional financial adviser audience only and does not constitute financial advice.