Friday, December 7, 2018

Phishing Attacks Dos and Don’ts for Employees


Phishing is a fake email, text or social media message designed to get you to click on a link or open an attachment. By doing so, the criminals are hoping to get you to change your password so they can access your information, get into your computer to find your financial information, or infect your computer, tablet or phone with malicious software that lets them see everything you do.

Dos

  1. Do ask yourself if the email is from someone you know, or if the subject line is odd or suspect.
  2. Do check email content for spelling and grammar mistakes if you feel the email is suspicious.
  3. Do ask yourself if you were expecting a new document or zip file.
  4. Do delete any suspicious emails from your inbox and then from your deleted folder.
  5. Do verify the legitimacy of requests or sources. Look up the company contact information from which the email, text or call claims to be. Then call the company yourself to verify that the email or text is legitimate. If you suspect a credit card scam, hang up with the caller and dial the toll-free number on the back of your credit card to verify the call.
  6. Do participate in up-to-date security training sessions within the company.
  7. Do scan files received as attachments for viruses before opening them. This can be done by going to the Downloads folder, right-clicking on the file and choosing "Scan for viruses".
  8. Do report phishing scams and any other suspicious emails to the information security department of your organization.

Don’ts

  1. Don’t open suspicious emails claiming to be from Ceylinco Life, another financial institution, a friend or any other trustworthy organization if you are not expecting them. Common phishing phrases include “verify your account,” “Dear Valued Customer,” “within the next 48 hours,” “click this link” and “open this attachment.”
  2. Don’t click on a link in an email or open an attachment you weren’t expecting, even if it’s from someone you know. If you weren’t expecting grandma to send you an email containing your bank statements, for instance, ask her whether she really sent you something before opening it.
  3. Don’t click on links or attachments in suspicious emails with grammar and spelling mistakes. Phishing emails are known to contain spelling mistakes and bad grammar; threats; attachments with incorrect or suspicious filenames or extensions (e.g., .zip, .exe, .vbs, .bin, .com, .pif or .zzx); and links for unexpected e-cards, tracking for unknown packages, pictures or videos.
  4. Don’t click links in suspicious emails; instead, hover your mouse over them to see the real web address. If the real address doesn’t match where the message says the link will take you, it could lead you to a malicious website or a malicious file that will spread malicious software on your computer. Even if the addresses match, it’s better not to click links in emails unless you’re absolutely certain the message comes from a reliable source.
  5. Don’t provide any personal information (e.g., login details, account information, date of birth, social security number) via email, phone, text or social messages.
  6. Don’t visit websites that offer pirated content. When browsing, don’t visit or download files from suspicious websites. If downloading a file, always download it from the vendor’s or author’s website. This will eliminate the chances of getting pirated software.

Clues to Identify Phishing Scams

There are clues that a message is an attack. Here are the most common ones:

  1. A message asking you to click a link to view a statement (often a bank statement, for example).
  2. A tremendous sense of urgency that demands “immediate action” before something bad happens, like threatening to close an account or send you to jail. The attacker wants to rush you into making a mistake. For example, your bank account has been frozen and you need to click the link immediately to rectify the situation.
  3. Pressuring you to bypass or ignore your policies or procedures at work.
  4. A text message with a link telling you your account has been compromised.
  5. Your refund awaits or there's money waiting for you from a lottery or other source. The fraudster is asking you to visit a fraudulent website, click on an attachment or wire money to receive a cash prize (that never arrives).
  6. A generic salutation like “Dear Customer.” Most companies or friends contacting you know your name.
  7. Requesting highly sensitive information, such as your credit card number, password, or any other information that a legitimate sender should already know.
  8. The message says it comes from an official organization, but has poor grammar or spelling or uses a personal email address like @gmail.com.
  9. The message comes from an official email (such as your boss) but has a Reply-To address going to someone’s personal email account.
  10. A funny joke from what seems like a friend or coworker that conceals a malicious link or attachment.
  11. You receive a message from someone you know, but the tone or wording just does not sound like him or her.
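Several of the clues above can be checked automatically once a message is parsed. The following is an added illustration, not part of the original post: it flags a Reply-To domain that differs from the sender, a sender on a personal mailbox domain, the risky attachment extensions listed earlier, the common phishing phrases, and the “hover” check (link text showing one host while the real target is another). The sample messages, the .example domains and the list of personal mailbox domains are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Clues from the post: urgency/generic phrases, risky attachment types,
# personal mailbox domains, Reply-To mismatch, link text hiding the real host.
PHRASES = ("verify your account", "dear valued customer", "within the next 48 hours",
           "click this link", "open this attachment", "immediate action")
RISKY_EXT = (".zip", ".exe", ".vbs", ".bin", ".com", ".pif")
PERSONAL_DOMAINS = ("gmail.com", "yahoo.com", "hotmail.com")  # assumed list
LINK_RE = re.compile(r'<a[^>]+href="(https?://[^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(header):
    return parseaddr(header or "")[1].rsplit("@", 1)[-1].lower()

def host_of(url):  # strip scheme, leading www. and any path
    return re.sub(r"^(https?://)?(www\.)?", "", url.strip()).split("/")[0].lower()

def phishing_clues(raw):
    """Return a list of clue descriptions found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    clues = []
    sender, reply_to = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        clues.append(f"reply-to domain {reply_to} differs from sender {sender}")
    if sender in PERSONAL_DOMAINS:
        clues.append(f"sender uses personal mailbox domain {sender}")
    text = msg.get("Subject", "")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            clues.append(f"risky attachment {name}")
        elif part.get_content_type() in ("text/plain", "text/html"):
            text += "\n" + part.get_payload(decode=True).decode("utf-8", "replace")
    clues += [f"phishing phrase '{p}'" for p in PHRASES if p in text.lower()]
    for href, label in LINK_RE.findall(text):  # automated "hover" check
        shown = host_of(re.sub(r"<[^>]+>", "", label))
        if "." in shown and shown != host_of(href):
            clues.append(f"link shows {shown} but goes to {host_of(href)}")
    return clues

def build_sample(suspicious=True):
    """Constructed sample messages; all addresses use reserved .example names."""
    m = EmailMessage()
    m["From"] = "Example Bank <alerts@bank.example>"
    if not suspicious:
        m["Subject"] = "Your March statement"
        m.set_content("Hi Jane, your statement is now available in online banking.")
        return m.as_string()
    m["Reply-To"] = "someone@gmail.com"
    m["Subject"] = "Immediate action required"
    m.set_content("Dear Valued Customer, verify your account within the next 48 hours.")
    m.add_alternative('<p><a href="http://bank-login.example/verify">'
                      'www.bank.example</a></p>', subtype="html")
    m.add_attachment(b"not really a zip", maintype="application",
                     subtype="zip", filename="statement.zip")
    return m.as_string()
```

Running `phishing_clues(build_sample())` lists seven clues for the constructed message, while the clean sample yields none.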
