Who’s who? Verifying identities in the digital workspace

Phishing is becoming more common as a vector of attack for businesses in today’s digital environment, and not even major corporations are safe. Just last week, several major Las Vegas casinos were successfully phished and brought to a standstill, costing them millions in both lost revenue and ransoms paid out. The hackers claim that these attacks were achieved with only a 10-minute phishing phone call, through which they were able to get full access to the casino networks. With virtual interactions being an increasingly common method of communication in the business world, it’s crucial to be vigilant about the authenticity of the people you communicate with online. Cybercriminals and scammers are constantly devising new ways to deceive and manipulate unsuspecting individuals. To protect yourself and your business, it’s essential to know how to verify if someone is real and not a phish. In this blog, we’ll explore some practical steps to help you stay safe online.

Analyze the Communication Channel:
Start by considering the platform or communication channel you’re using. Legitimate organizations often have official websites, email domains, and social media profiles. Verify that the person you’re communicating with is using the official channels associated with their identity. Be wary of individuals who insist on using unconventional or unofficial platforms such as WhatsApp or PayPal instead of your business’s messaging app or payroll service.

Check the URL and Email Address:
Pay close attention to website URLs and email addresses. Phishers often create fake websites and email domains that closely resemble legitimate ones but have subtle differences. Look for spelling errors, unusual characters, or additional subdomains that could indicate a fraudulent website or email address. For example, JohnDoe@nullCompanyName.com is not the same as JohnDoe@nullCmpanyName.com.
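
The three warning signs above (spelling errors, unusual characters, additional subdomains) can also be checked automatically on incoming mail. The following is an added example, not part of the original post; the trusted domain `companyname.com`, the sample addresses and the function names are constructed for illustration.

```python
# Added example: flag sender domains that imitate a trusted one.
TRUSTED = {"companyname.com"}  # constructed allowlist (assumption)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(address: str, trusted=TRUSTED, max_dist: int = 2) -> str:
    """Return 'trusted', 'unknown' or 'suspicious: <reason>'."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    labels = domain.split(".")
    # Exact match or a subdomain of a trusted domain (assumes the
    # organization controls all of its own subdomains).
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    # Unusual characters: non-ASCII letters or punycode-encoded labels.
    if not domain.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious: non-ASCII or punycode characters"
    for t in trusted:
        # Additional subdomains: trusted name used as a prefix of another domain.
        if domain.startswith(t + ".") or f".{t}." in domain:
            return f"suspicious: {t} embedded in another domain"
        # Spelling errors: a few edits away from the trusted name.
        if edit_distance(domain, t) <= max_dist:
            return f"suspicious: lookalike of {t}"
    return "unknown"


if __name__ == "__main__":
    for sample in ("JohnDoe@CompanyName.com", "JohnDoe@CmpanyName.com",
                   "billing@companyname.com.pay-portal.example",
                   "ceo@c\u043empanyname.com", "news@example.org"):
        print(f"{sample!r:50} {classify_sender(sample)}")
```

A result of "unknown" only means the domain does not resemble a trusted one; it still needs the manual checks described in the rest of this post.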

Verify Identity Through Social Media:
If you’re interacting with someone on a social media platform, take a few moments to investigate their profile. Look for signs of legitimacy, such as a verified badge or a history of interactions with known contacts. Be cautious of profiles with limited or no activity and few connections or followers.

Cross-Check Information:
If someone claims to represent an organization or institution, cross-check their information. Visit the official website of the entity in question and compare the details provided by the individual with the information on the official site. Scammers often struggle to replicate all the intricate details of a genuine organization’s web presence.

Be Skeptical of Unsolicited Messages:
Phishers often initiate contact with unsolicited messages, whether through email, social media, or other platforms. Be skeptical of messages from unknown sources, especially if they request personal or financial information. Legitimate entities typically won’t ask for sensitive data through unsolicited messages. Phishing attacks may also try to impersonate authority figures in the business as well as create a sense of urgency to pressure the victim into a hasty action. For example: “Hi John, this is Derek, the CEO. I am texting from a new number because my old phone broke today. Can you pay an invoice for $2500 to our vendor ASAP? We are three months behind and they will shut off our service if we don’t pay before end of business day today.”

Beware of Urgent Requests:
Phishers often create a sense of urgency to pressure victims into taking immediate action. Whether it’s a limited-time offer, a prize that must be claimed right away, or a warning of dire consequences, take a step back and critically assess the situation. Scammers rely on your impulsive decisions when they push you to act quickly. For example: “Dale, this is Amarita the CFO. Why didn’t you pay the vendor invoice last week? I am attaching a copy of the invoice to this email. Pay it before the end of the day or you’re fired!”

Use Multi-Factor Authentication (MFA):
Whenever possible, enable multi-factor authentication for your accounts. MFA adds an extra layer of security by requiring multiple forms of verification, such as a password and a one-time code sent to your mobile device. This can help protect your accounts even if someone does manage to obtain your login credentials. Never give out MFA codes to unknown entities! Bad actors are counting on you to hand over the MFA codes so they can hack your system. It is much more difficult for them to hack an MFA code than it is to simply ask the victim for it.

Educate Yourself Continuously:
Staying informed about the latest phishing techniques and scams is crucial. Cybersecurity awareness and education are your best defenses against online threats. Regularly update yourself on common scams and phishing tactics to stay one step ahead of cybercriminals. Websites such as https://www.csoonline.com/ and https://therecord.media/ are great online sources for up-to-date information on the latest online threats. Tech companies such as Microsoft also regularly post about newly discovered threats on forums such as https://learn.microsoft.com/en-us/security-updates/

Report Suspicious Activity:
If you encounter someone you suspect is a phisher or scammer, report the activity to the relevant platform or authority immediately! Your report could help prevent others from falling victim to the same scheme.

Have a passphrase for verification:
When dealing with a suspected phish, it helps to ask questions that have agreed-upon answers that only members of the organization would know.
Q: “What is the CEO’s favorite flavor of ice cream?” A: “He is lactose intolerant and doesn’t eat dairy.”
Q: “What time does the Narwhal bacon?” A: “Midnight!”
Having passphrases with secret answers can successfully prevent a phish from gaining access to your business’s systems.

In conclusion, the internet offers incredible opportunities for communication and collaboration, but it also presents risks from malicious actors. To verify if someone is real and not a phish, use your critical thinking skills, verify information, and stay vigilant. Remember that it’s okay to be cautious online, and when in doubt, prioritize your safety by verifying the authenticity of individuals and organizations you interact with. By following these guidelines, you can navigate the digital world with confidence and protect yourself from falling victim to phishing scams. If you would like to know more, give our cybersecurity experts at Shammam Consulting a call today!