A recent report revealed that Russian hackers used phishing techniques to infiltrate the Burisma, the Ukrainian company that was the seed of the impeachment trial. The Democratic National Committee was also targeted in 2016. And probably your grandparents or another relative has gotten a suspicious email and didn’t know what to do with it.
From corporations to political figures and everyday citizens, we all can get phished. We get advice on staying safe from Cooper Quintin, Senior Staff Technologist at the Electronic Frontier Foundation.
How to protect yourself
If something seems weird about an email or text message, listen to your common sense instinct and don’t click.
“In general, if you get a link or an attachment in an email that you weren't expecting, even if it's from somebody that you know, don't click on it right away. Contact the person in another way. Give them a call. And make sure that they did in fact intend to send it to you,” says Quintin.
Quintin says to maintain your “digital security hygiene,” such as:
- Updating all your software, including security features on your phone and laptop.
- Using a password manager and turning on two-factor authentication when available.
If you are infiltrated with malware, then what?
“The most common type of malware that we see being installed through phishing attacks right now is ransomware, which will encrypt your data and hold it for ransom until you pay,” says Quintin.
- Keep backups of important data on your computer.
- Have a professional help you clean up your computer.
What untargeted phishing looks like:
You get an email that looks like it came from Google. It says your account has been compromised, so please click on this link to reset your password. You click and end up on a fake Google login page. You enter your info, which goes to a scammer, and you get redirected to the real Google site.
Sex extortion: The attacker sends you an email saying they have a compromising video of you looking at adult sites, and you have to pay money to ge tthem to delete it. But in fact, they have no such video.
Classic: An email says a rich foreign prince wants to give you some money.
Secret package: An email says you have a package waiting for you at FedEx, but you need to download this PDF to find out what it is. That PDF contains malware.
What targeted phishing looks like:
These techniques can get very sophisticated, and most people will never get one of these in their lifetimes, says Quintin.
But you might get one if you:
- Work for a company that’s under geopolitical scrutiny
- Work in politics
- Work in journalism
- Are an activist
- Are a human rights defender
If you open a malicious email or link, how soon do you know that you’ve been hacked?
“You might not necessarily know that you’ve been hacked as soon as you click on the email. It might take a little bit. A lot of phishing campaigns are trying to get credentials to your email account or to other sensitive accounts. … And it might take a while for that to become apparent,” he says.
--Written by Amy Ta, produced by Nihar Patel