
Connected: Even Smart People Succumb to Phishing Scams


Social engineering has been with us for decades.

It happens when somebody “tricks” you into giving them important information electronically by posing as somebody you know.

Yet, in April, when a phishing email scam spread to millions of computers worldwide, it became apparent that even the most tech-savvy of us are susceptible, and today’s level of sophistication makes it harder than ever to identify and avoid phishing scams. In April, you might have received an email that looked like somebody was sharing a Google Drive document with you – and you, like millions of other people, may have been tricked into giving up your Google credentials, putting your account (and perhaps many of your accounts) at risk.

If you were taken in, please change your passwords ASAP. Then remember these simple rules:

1. Don’t click on links or attachments in email you don’t recognize and expect – no matter who sent it (or appeared to send it). Much malicious email is disguised to look like it’s from someone you know, and might be the type of email they would send you. Often, the email with a malicious payload comes from an email address that you actually do know.

2. Turn on multifactor authentication. This helps protect against somebody using your credentials from a new device. With multifactor authentication, you typically register a cell phone as well as your email address in your account – and whenever a new device tries to access your account for the first time, the account sends a text to your phone, asking for permission to let the new device access the account. Yes, it can be a pain in the butt occasionally, but the value of reducing your risk of somebody breaking into your account far outweighs the pain of needing your phone near you when you use a new device to access one of your accounts.

There’s a lot of new research questioning the value of long passwords that are easy to forget. Social authentication — using logins via Facebook, Google, Twitter instead of a separate username & password — has also been rising because it eliminates the need to remember yet another set of credentials. None of them are perfect.

Your vigilance is the best defense. We know you’re very smart. Don’t let that make you an easy target. The malicious senders count on even the smartest recipients having their guards down to succeed in their quests.

By David Radin