Phishing has proliferated and become more sophisticated over the past few years – making it essential that organisations know how best to avoid the traps, according to AnyDesk.
Stephanie Graebel, writing for the secure remote-desktop access software vendor, said: “Their techniques go beyond sending emails and include clever social engineering strategies that are sometimes hard to expose.”
Phishing emails, “smishing” text messages or “vishing” phone calls can seem like they’re from a bank, a social media site, your email provider, or your manager, yet are designed to steal data and information. So the first thing is to be educated and aware of the risk, avoiding clicking on or interacting with suspicious-seeming content.
“Sometimes, there are even suspicious files attached to the email which could eventually install malware on your device,” added Graebel. “We recommend you validate the sender and check the link carefully.”
Contact attempts of which you are unsure can be checked by searching the web for reports of similar scams or phishing attempts. Most likely, other people have received the exact same scam message and have posted about it on a forum or a scamwatch website.
Fraudulent links can easily be disguised as order confirmations or tracking updates, for example. Sometimes you may be asked to download some kind of app – which might hide malware such as worms, viruses, ransomware, trojans or similar.
“When in doubt, use a search engine to look up the phone number or organisation.”
Spear phishing and whaling are phishing attacks that target a specific individual, such as a particular job role in the organisation. Only share information publicly – such as on social media – with a time delay and try to avoid revealing many details of your personal life, she said.
Then there’s pharming, where cybercriminals may take over an entire DNS server, using a legitimate domain to divert traffic to their own website, often a close replica of a real one, to steal login credentials, for example, Graebel said.
“This happened in Venezuela in 2019, where fraudsters targeted a specific website that was part of a humanitarian aid campaign,” she said. “All traffic to the site was redirected to a counterfeit twin, and, consequently, all data was stolen.”
Always check that the sites you visit use HTTPS – not the less secure HTTP – before entering any data. Double-check all links and URLs before revealing any personal information.
Never give your remote access ID to anyone you don’t know, for instance. Only download products from an official source. Also, keep all software updated, including antivirus applications, and enable automated spam filtering, security training, web filtering, multi-factor authentication (MFA), and regular backups.
“Always reconfirm the authenticity of the person who wants to connect to your device. When in doubt, reject the incoming connection altogether,” Graebel said.
Professional-grade remote desktop tools should encrypt all data and comply with strict security standards to help keep organisations safe from threats such as phishing if used correctly, she added.
Remote desktop tools such as AnyDesk have additional features such as the ability to create custom clients with certain preset privileges or to manage permissions, Graebel noted.