Ep3: How to Spot and Avoid Phishing Attacks
Episode 3 • 18th August 2023 • Byte Sized Security • Marc David

Shownotes

In this episode of Byte Sized Security, host Marc David talks with expert Ethan Winnobego about how to recognize and avoid phishing scams trying to steal your personal information. They discuss:

  • What phishing is and the major security risks it poses
  • Common phishing techniques like fake login alerts and malicious links
  • Red flags to watch out for like urgent requests for info and odd URLs
  • Steps to take if you suspect a phishing attempt
  • Safety measures like strong passwords, multi-factor authentication, and training
  • How companies and institutions can help defend against phishing
  • Why you should slow down and verify legitimacy before acting
  • Key advice for individuals to thwart phishing attempts

For full episode recaps, subscribe to Byte Sized Security wherever you get your podcasts or visit our website bytesizedsecurity.show. See you next time!

Transcripts

Marc:

Welcome to another edition of Byte Sized Security, the bite-sized cybersecurity podcast served up by me, your host Marc David. Phishing remains one of the top threats to our online safety. Today I speak with security expert Ethan Winnobego about how to recognize and avoid phishing attempts aimed at stealing your personal information. Stay tuned to learn easy tips that can prevent you from getting hooked by a phishing scam. Thanks for joining me, Ethan! It's Winnobego, right?

Ethan:

Happy to be here. Yes, you are correct. Winnobego. It's Irish.

Marc:

First off, can you explain what exactly phishing is and why it's such a major security risk?

Ethan:

Sure. Phishing is a type of social engineering cyberattack where criminals try to trick users into handing over sensitive information or clicking on malicious links by disguising themselves as trustworthy sources. They create fake websites, emails, texts and more designed to look like they’re from banks, companies, or contacts you know. But once you input your login credentials or click their links, they can steal your financial and personal information or infect your device.

Marc:

So simple human error can lead to major consequences. What are some common phishing techniques people need to watch out for?

Ethan:

Classic phishing emails are ones pretending to be account alerts asking you to log back in. Links in emails and texts bringing you to fake login pages are also popular. Pop-up warnings about device infections that include a phone number to call can be phishing. And then there are more personalized spear-phishing attempts targeting you specifically with info scammers have gathered on you.

Marc:

Yikes, they sure get creative, don’t they? What are some ways people can spot potential phishing attempts?

Ethan:

The number one red flag is any unsolicited email, text or call asking you to urgently verify or re-enter your personal information. Things like wrong domain names in emails, spelling errors, threatening language demanding you act, or odd links should raise suspicion. Your bank won't email asking for your password out of the blue. Also be wary of offers that look too good to be true.

Marc:

Great tips. If someone suspects a phishing attempt, what should they do?

Ethan:

Don’t click any links or call phone numbers provided. Check the sender’s domain or email closely to confirm it’s your real bank or company contacting you. Call the published customer service number to verify any urgent notices. Report the phishing attempt to the appropriate institutions. And contact your bank if you shared financial information just to be safe. The key is avoiding quick reactions until you can confirm an alert is legitimate.

Marc:

What security measures can people take to protect themselves from getting phished in the first place?

Ethan:

Using unique complex passwords for every account limits criminals accessing multiple sites if one password is stolen. Enabling multi-factor authentication provides extra login protection. Installing anti-phishing browser extensions can detect fake pages. Keeping software updated blocks exploitation. Education about the signs of phishing goes a long way too. And backing up your data provides recovery ability if an attack still occurs.

Marc:

With phishing so rampant, can companies really help address this?

Ethan:

Absolutely. Implementing security awareness training helps educate employees who are common targets. Advanced email filtering before messages reach inboxes detects many phishing lures. Monitoring activity helps flag when credentials or data are being accessed unusually. And offering services like MFA and login alerts empowers people to protect themselves. Defense against phishing takes both individual vigilance and proactive security from institutions.

Marc:

Excellent overview on how phishing works and how we can avoid getting hooked by these scams. Any final advice?

Ethan:

Slow down and use common sense when faced with urgent security notices. And don't let fear push you into hasty reactions - that's exactly what phishers want. If something seems questionable, take the time to verify through known trusted channels before providing info or clicking. A little caution goes a long way in thwarting phishing.

Marc:

Wise words. Thank you, Ethan, for your tips on spotting and stopping phishing attacks!

Ethan:

Happy I could help shed some light on this threat.

Marc:

We covered a lot of ground on how to recognize and respond to phishing attempts aimed at deceiving you. Stay vigilant for red flags and verify legitimacy before acting. For recaps and more security lessons, head to our site bytesizedsecurity.show. We'll see you next episode - until then watch out for the phish!
