In this episode of Byte Sized Security, host Marc David talks with expert Ethan Winnobego about how to recognize and avoid phishing scams trying to steal your personal information. They discuss:
What phishing is and the major security risks it poses
Common phishing techniques like fake login alerts and malicious links
Red flags to watch out for like urgent requests for info and odd URLs
Steps to take if you suspect a phishing attempt
Safety measures like strong passwords, multi-factor authentication, and training
How companies and institutions can help defend against phishing
Why you should slow down and verify legitimacy before acting
Key advice for individuals to thwart phishing attempts
For full episode recaps, subscribe to Byte Sized Security wherever you get your podcasts or visit our website bytesizedsecurity.show. See you next time!
Transcripts
Marc:
Welcome to another edition of Byte Sized Security, the bite-sized cybersecurity podcast served up by me, your host Marc David. Phishing remains one of the top threats to our online safety. Today I speak with security expert Ethan Winnobego about how to recognize and avoid phishing attempts aimed at stealing your personal information. Stay tuned to learn easy tips that can prevent you from getting hooked by a phishing scam. Thanks for joining me Ethan! It's Winnobego right?
Ethan:
Happy to be here. Yes, you are correct. Winnobego. It's Irish.
Marc:
First off, can you explain what exactly phishing is and why it's such a major security risk?
Ethan:
Sure. Phishing is a type of social engineering cyberattack where criminals try to trick users into handing over sensitive information or clicking on malicious links by disguising themselves as trustworthy sources. They create fake websites, emails, texts and more designed to look like they’re from banks, companies, or contacts you know. But once you input your login credentials or click their links, they can steal your financial and personal information or infect your device.
Marc:
So simple human error can lead to major consequences. What are some common phishing techniques people need to watch out for?
Ethan:
Classic phishing emails are ones pretending to be account alerts asking you to log back in. Links in emails and texts bringing you to fake login pages are also popular. Pop-up warnings about device infections that include a phone number to call can be phishing. And then there are more personalized spear-phishing attempts targeting you specifically with info scammers have gathered on you.
Marc:
Yikes, they sure get creative don’t they? What are some ways people can spot potential phishing attempts?
Ethan:
The number one red flag is any unsolicited email, text or call asking you to urgently verify or re-enter your personal information. Things like wrong domain names in emails, spelling errors, threatening language demanding you act, or odd links should raise suspicion. Your bank won't email asking for your password out of the blue. Also be wary of offers that look too good to be true.
Marc:
Great tips. If someone suspects a phishing attempt, what should they do?
Ethan:
Don’t click any links or call phone numbers provided. Check the sender’s domain or email closely to confirm it’s your real bank or company contacting you. Call the published customer service number to verify any urgent notices. Report the phishing attempt to the appropriate institutions. And contact your bank if you shared financial information just to be safe. The key is avoiding quick reactions until you can confirm an alert is legitimate.
Marc:
What security measures can people take to protect themselves from getting phished in the first place?
Ethan:
Using unique complex passwords for every account limits criminals accessing multiple sites if one password is stolen. Enabling multi-factor authentication provides extra login protection. Installing anti-phishing browser extensions can detect fake pages. Keeping software updated blocks exploitation. Education about the signs of phishing goes a long way too. And backing up your data provides recovery ability if an attack still occurs.
Marc:
With phishing so rampant, can companies really help address this?
Ethan:
Absolutely. Implementing security awareness training helps educate employees who are common targets. Advanced email filtering before messages reach inboxes detects many phishing lures. Monitoring activity helps flag when credentials or data are being accessed unusually. And offering services like MFA and login alerts empowers people to protect themselves. Defense against phishing takes both individual vigilance and proactive security from institutions.
Marc:
Excellent overview on how phishing works and how we can avoid getting hooked by these scams. Any final advice?
Ethan:
Slow down and use common sense when faced with urgent security notices. And don't let fear push you into hasty reactions - that's exactly what phishers want. If something seems questionable, take the time to verify through known trusted channels before providing info or clicking. A little caution goes a long way in thwarting phishing.
Marc:
Wise words. Thank you Ethan for your tips on spotting and stopping phishing attacks!
Ethan:
Happy I could help shed some light on this threat.
Marc:
We covered a lot of ground on how to recognize and respond to phishing attempts aimed at deceiving you. Stay vigilant for red flags and verify legitimacy before acting. For recaps and more security lessons, head to our site bytesizedsecurity.show. We'll see you next episode - until then watch out for the phish!