Cyber 9/11: How to avoid being "phished" by hackers

This week, a YouTube video has called on hackers to stage a “cyber 9/11” - Norton experts offer tips on how to stay safe.


This week, a YouTube video has called on hackers to stage a “cyber 9/11” - targeting Israeli and American sites.

“Hi, Israel, do you remember us?”, said a masked figure, who called upon Muslim hackers to attack on September 11. “America, Israel. We will show you,” he says.

The group claims to be affiliated to Anonymous and other related groups in the Middle East.

When the New York Times’s front page was replaced by a banner saying, “Syrian Electronic Army was here” last month, it was a demonstration of the power of such “hacktivist” groups.

Craig Young, security researcher at Tripwire, says that simple steps can help to keep companies safe: “Businesses concerned about cyber attacks on 9/11 should emphasize the risks of phishing campaigns to all employees.”

Most hacks - big and small - start the same way. Someone, somewhere, opens an email, an SMS or a message they shouldn’t have.


In the New York Times’s case, a worker in India opened an email attachment, handing over vital passwords - in the case of home users, the same mistake can lead to identity theft, or even worse.

During 2012, one in 191 emails was a phishing email, according to Norton’s 2013 Cybercrime Report - and the UK is the third most-popular destination for phishing attacks worldwide.

Last year, there was a 42% rise in attacks which targeted companies, and those sorts of “spear phishing” attacks can often look highly professional.

Thankfully, there are some telltale signs that can help you avoid that fatal click - even if you’re up against a skilled “pro” who is determined to get inside your company network.

If your IT department emails you, they won’t ask for your password

Targeted “spear phishing” attacks can appear to come from your own IT department - or from business contacts, or senior managers within your organisation. Be wary. If a web link from your IT department suddenly asks for your login details or password, don’t enter them - it’s a common scam used by cybercriminals to penetrate business systems. Phone your IT department and ask if it’s real - they will thank you for it.

Being spammed? Don’t unsubscribe

Spam emails sometimes offer an “unsubscribe” button - similar to the ones on a real mailing list. Don’t click it. Doing so can inform the cybercriminals that you’re there - and trigger a new wave of attacks.

Don’t trust “business phone numbers”

Many of today’s best-made spam emails will come with a phone contact number - which makes it look even more like a real business email. The number might well work, but you will speak to a scammer, not your bank - and you’ll immediately begin handing over details for use in future attacks.

Don’t open unexpected emails from colleagues

Cybercriminals are increasingly targeting company networks - so don’t think that it’s safe to open attachments or links in “official” emails from colleagues. Has a PDF arrived without warning? Do they urgently need you to sign something? Phone and check. There has been a huge rise in such attacks in recent months - with manufacturing industries the most targeted, facing double the number of attacks compared to those aimed at Government. A fifth of attacks were aimed at UK companies, according to Norton’s Cybercrime Report.

Short URLs belong on Twitter - not in emails

Shortened URLs are a common “trick” used by cybercriminals to hide the fact that users are not, in fact, visiting a legitimate website. Businesses don’t usually use shortened URLs in emails - why would they? There’s no upper limit on the number of characters. If you see one, be careful. Google the company’s address and go there, rather than clicking the link.

If anything sounds “urgent” don’t click

Phishing scams usually rely on you making a split-second decision to click - against your better instincts. To achieve this, cybercriminals will use surprise - with attachments such as wedding invitations - or fear, with documents purportedly from tax authorities. Deadlines for tax returns are a boom time for phishers. Even if the emails look real, be careful. Phone the tax people, email your friend - after all, why haven’t they posted out an invitation, or phoned you first?

Don’t feel safe on your smartphone

Most phishing scams aim to install malware on victims’ PCs - but an increasing number deliver malware to smartphones, especially Android handsets. Make sure you protect all your devices with a comprehensive security solution, like Norton 360 Multi-Device.

Don’t be tempted by special offers

Urgency is the key to a successful phishing campaign - and special offers are still the most common kind of online scam, according to Norton’s Cybercrime Report. If you are offered an urgent, never-to-be-repeated limited time offer, don’t click the link - Google the company, and look for security marks such as a green mark in the address bar. Those marks show you’re on a trusted site.

Don’t ever, ever open an attachment from someone you don’t know

Regardless of whether they sound important, or claim to be from law enforcement, this is rule number one. Do not open the attachment. Much malware comes disguised as PDF documents - but even links can quickly infect your computer if your software isn’t up to date. Make a rule - if it’s from someone you don’t know, it IS spam, until proven otherwise.
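For IT teams who want to automate a first pass over reported mail, several of the signs above (shortened URLs, urgent wording, a link that comes with a request for login details, an attachment from an unknown sender) can be checked in a few lines. This is an added example, not code from Norton or Tripwire; the function name, the shortener list, the keyword patterns and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, illustrative lists; tune them for your own mail flow.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
URGENCY = re.compile(r"\b(urgent|urgently|immediately|limited time|final notice)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|login details|verify your account)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def phishing_signals(raw_email, known_senders):
    """Return the tells from the article that appear in one raw message."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    body_parts, has_attachment = [], False
    for part in msg.walk():
        if part.get_filename():                      # any named part counts as an attachment
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            body_parts.append(payload.decode(charset, "replace"))
    text = msg.get("Subject", "") + "\n" + "\n".join(body_parts)

    signals = []
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(text)}
    if hosts & SHORTENERS:
        signals.append("shortened-url")
    if URGENCY.search(text):
        signals.append("urgency")
    if CREDENTIALS.search(text) and hosts:           # asks for credentials and supplies a link
        signals.append("credential-request-with-link")
    if has_attachment and sender not in known_senders:
        signals.append("attachment-from-unknown-sender")
    return signals

# Constructed sample message (not a real phishing email).
SAMPLE_PHISH = """\
From: IT Helpdesk <helpdesk@example.net>
Subject: URGENT: mailbox over quota

Your mailbox will be suspended. Confirm your password immediately:
http://bit.ly/EXAMPLE
"""

if __name__ == "__main__":
    print(phishing_signals(SAMPLE_PHISH, {"alice@example.com"}))
```

A hit means the message deserves the phone call the article recommends, not that it is malicious; an empty list does not make a message safe.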