Someone on my family group chat recently posted a news story warning about a public utility e-mail scam going around. We all want to think we’ll never fall for such a scheme. Certainly no one in my family would fall for it, right? In my experience, anyone can be tricked by an e-mail like this, even experienced IT professionals. I quickly put on my cape and gave my family members some tips on a couple of things to look out for with such scams. I know it’s easy to click the links in these e-mails that look so real, but the best thing to do in this situation is to delete the e-mail and log in to the actual account the e-mail claims to be from to see if what it says about your account is true. Always go to the source. Don’t trust the source when it comes to you.
During this time of known increased cyber security risks, let’s look at some other basic tips on how to avoid being scammed by a malicious e-mail or web site. Through e-mail, scammers usually try using phishing or spoofing to trick users. Phishing is when someone sends you an e-mail purporting to be from well-known companies, or your common clients, in order to trick you into revealing personal information, such as passwords and credit card numbers. Spoofing is when someone uses the name of a known sender to gain trust, but is actually sending the e-mail from a different e-mail address.
Internet Security Basics
- Always assume that the party that contacts you is malicious and is aiming to gain access to privileged information and use it in ways that will harm your company. Continue with that assumption until you have solid proof otherwise.
- Do not open attachments in unsolicited e-mails or in e-mails from people you do not know.
- If you feel that an e-mail requires you to respond and provide sensitive information, call the institution or organization that the message was sent from at a phone number that you have on file or that is published on their official website. Do NOT call a number that may be provided in the e-mail message.
- Do not click on advertisements in websites.
- Do not click on any pop-ups. Do not even click on “close” (or any other) buttons or the red “X” in the top right corner of a pop-up window. Close the pop-up and the website immediately by shutting down your browser.
- Before typing your user name and password into a website, ensure that the URL is spelled exactly correctly.
- Report any suspicious phone calls, e-mails, websites, or strangers to your supervisor immediately.
Common Phishing E-mail Techniques
- Purporting to be from a trusted party
- Unsolicited. You did not expect such a message
- Not the typical way to perform the function they want from you, or not a typical function for you. For example:
  - You never received faxes in an e-mail, but now you got one
  - The fax messages you received in an e-mail always looked different from the one you just received
  - You never had anything to do with money wire transfers in the company. Now you received a message inquiring about that
  - You have not sent any money transfers recently and received a message about it
  - Money transfers that you completed in the past did not result in an e-mail that looks like the one you just received
- It’s really just one: don’t trust the sender’s name; always look at the e-mail address the e-mail came from. Let IT know if you receive a spoofed e-mail.
  - For example, the details of the e-mail may look like this: Matthew Riebow <[email protected]>
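The same check, comparing the sender's name with the address the e-mail actually came from, can be automated by a mail administrator. This is an added example, not part of the original post; the directory, names, addresses and the `check_from` helper are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed directory: display name -> address on file (assumed data).
KNOWN_SENDERS = {
    "Alex Rivera": "alex.rivera@example.com",
    "Accounts Payable": "ap@example.com",
}

def normalize(name):
    """Fold case, accents and spacing so look-alike names compare equal."""
    decomposed = unicodedata.normalize("NFKD", name)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(stripped.casefold().split())

def check_from(header, known=KNOWN_SENDERS):
    """Return 'ok', 'spoofed-name' or 'unknown' for one From header."""
    display, addr = parseaddr(header)
    addr = addr.lower()
    on_file = {normalize(n): a.lower() for n, a in known.items()}
    expected = on_file.get(normalize(display))
    if expected is not None:
        # Trusted name: the address must be the one on file.
        return "ok" if addr == expected else "spoofed-name"
    # A trusted address typed into the name field hides the real sender.
    trusted = set(on_file.values())
    if addr not in trusted and any(a in display.lower() for a in trusted):
        return "spoofed-name"
    # Name not in the directory: nothing to compare against.
    return "unknown"

# Constructed sample headers, one per outcome.
SAMPLES = [
    "Alex Rivera <alex.rivera@example.com>",
    "ALEX  RIVERA <alex.rivera@examp1e.com>",
    '"alex.rivera@example.com" <helpdesk@mail.test>',
    "Newsletter <news@vendor.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_from(header):13} {header}")
```

A result of `unknown` only means the name is not in the directory; it does not mean the message is safe.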
I hope this helps you to avoid a bad situation in the future.
Contact us if you would like more information on how we could help your business or call 813-985-7972.