Date: 2024-10-27

For Jody Hagemann, the senior director of sales engineering for the Northeast Division of Comcast Business, issues of cybersecurity and, specifically, of phishing are of the utmost concern.

“It’s our number one threat for the country,” Hagemann stated.

The numbers appear to back up Hagemann’s claim. According to the Comcast Business 2024 Cyber Security Threat Report, 2.6 billion phishing interactions were detected by Comcast Business in 2023.

That same report indicated that the general public should not consider a phishing attack to be a vague possibility. They should consider it an inevitable threat.

Despite the massive cloud that phishing has placed over the average American’s daily technological interactions, it is still not entirely understood by the general public. It can come in a number of forms — including web links, emails and text messages.

“[Phishing] is encouraging people to share their personal information with malicious actors so that the information can be harvested and monetized,” Hagemann explained, offering the basic definition of this malicious practice.

Through the aforementioned forms of communication, a phisher will attempt to gain the trust of the potential victim. The attacker will begin with a small base of information, but just one slip from the attacked party can open them up to a full-blown and successful phishing attempt.

“They will know your name. They will know your phone number, because that’s how they reached you,” Hagemann said. “But they may not know your birth date. They won’t know your Medicare number. They won’t know your Social Security number. And do not give out financial information — credit card, any kind of banking information.”

The people who execute phishing attacks can be domestic or foreign, with bad actors in China and Russia leading the way. In some countries, people are trained in hacking, giving them the skills necessary to carry out a phishing attack.

According to Hagemann, the post-pandemic era has seen a clear uptick in phishing attacks. Everyone, including professionals in the cybersecurity field, is vulnerable.

Hagemann spoke to personal experience on the matter of phishing attempts. In recent weeks, a member of her family was receiving medical care, so the health care process was on her mind. She said a phisher, who knew her family member’s name, attempted to get health-related information from her. Hagemann was able to recognize the ruse, but acknowledged that the attempt came to her at a vulnerable time.

“If this is happening to me, this is happening to businesses, individuals…,” said Hagemann. “Everyone is vulnerable.”

The human element, which played a part in Hagemann’s recent case, can make all the difference. Through modern technologies, such as generative artificial intelligence, phishing attempts in written and spoken form have become incredibly convincing.

This was not the case in the recent past.

“[Years ago] you would pick up on it. You would say ‘the language is not right,’” Hagemann said. “Now, the language is perfect, and the email address is off by one character.”

Hagemann indicated that there is a cultural element to phishing attacks that makes Americans particularly susceptible. She noted that in many cases, Americans instinctively read and react to emails in an effort to be more efficient. However, the little details in an email or text message that can indicate a phishing attempt can get lost when the message is not read with greater discretion.

There are a number of ways in which the average American can react more appropriately to phishing attempts. The first is to take a breath and pay closer attention to your interactions.

The second, more systematic way to root out a number of phishing attacks is to educate the masses.

“You’ve got to do regular human intervention, education, testing…” said Hagemann.

Education comes in different forms for different age groups. Across the ages, the key is to meet people where they are. For younger people, it means social media engagement. For older people, it means more traditional forms of media. And for the group in between, the most active workers in the United States, education is often most effective in the workplace.

Employers can send workers faux-phishing emails, which they can turn in to their company’s information technology (IT) department. Successful flags by employees can then be rewarded with positive reinforcement.

“People need that human reinforcement because the more we test people, the more we educate people, this is what’s going to keep these incidents down,” Hagemann explained.

Over-the-phone phishing attacks, which are especially prevalent in older populations, can be handled by answering questions with questions. Hagemann recommends asking for the caller’s name and callback number.

“The minute they do not give you or hesitate to give you what number to call back at, that’s when you know it’s fraudulent,” said Hagemann.

If you are the victim of a phishing attack, there are options. The most important step is to reach out to the element of your life that has been targeted. If your financial or medical affairs have been compromised by a phishing attack, reaching out to your bank or health provider, respectively, should be your first move.

Local law enforcement or, in the case of businesses, the Federal Bureau of Investigation (FBI) can get involved following a phishing attack, but the damage is often already done. In cases of lost information or finances as the result of a phishing attack, reimbursement is not guaranteed.