There has been a significant increase in cyber-attack attempts on firms and businesses of all sizes, and the attacks are growing more sophisticated. Many e-mail requests for money transfers and financial information that appear legitimate are “phishing” scams. Phishing is one of the most common attack methods used by cybercriminals: the attacker poses as a legitimate institution or person and sends correspondence, usually by e-mail, to induce recipients to reveal information that gives the attacker fraudulent access to a computer system, sensitive information, and/or financial resources.
Below are some tips to avoid these scams:
Learn the signs of common e-mail schemes. Be on the lookout for communications that:
- Include payment instructions. Put procedures in place to confirm any requested financial information with counsel by phone.
- Notify you of suspicious activity or log-in attempts to your account.
- Claim there is a problem with your account or your payment information.
- Demand you confirm some personal information.
- Include a fake invoice. If you receive an invoice, make sure that the invoice is expected, that the amount is correct, and that the payment remittance details are as expected. Many times, a cybercriminal will hack into someone’s e-mail account and look for opportunities to run invoice scams against that person’s contacts: the fake invoices are sent from a legitimate e-mail account, but the phone contact and/or payment remittance details are changed to divert payment to the criminal’s accounts.
- Want you to click on a link to make a payment.
- Say you are eligible to register for a government refund.
- Offer a coupon or free stuff. Beware of “too good to be true” offers. A real example: Apple is NOT giving out free iPhones.
- Have subject lines that appear highly urgent, such as “URGENT” or “Are you available?”
- Inform you that your password was successfully reset when you did not request a reset.
- Involve government agencies requesting personal information, such as your Social Security Number or login information. Legitimate government agencies will never ask for that information.
- Come from “Service Desk” departments with company-wide announcements.
Carefully review all e-mails you receive to ensure authenticity.
- Check the e-mail address to make sure the sender is not impersonating someone you know. Look for unknown e-mail addresses, misspelled words, cryptic and short messages, awkward language, and unrecognizable signatures.
- Examine all links and attachments. Avoid clicking malicious URLs and spoofed login pages.
- “Sniff test” – ask yourself: Am I expecting this e-mail? Is the e-mail from someone that I normally communicate with? Is the sender asking for something that does not “feel” right? If there is an unexpected or unusual request for documents or money, it is probably a phishing scam.
- Review Social Engineering Red Flags for each e-mail you receive before proceeding to click, respond, or take action.
Do not forward suspected phishing e-mails to anyone.
- This increases the risk that another individual will be tricked by the phishing e-mail.
- Instead, report the e-mail to your supervisor and/or manager, who can address the phishing e-mail.
Do not install unauthorized software on your company equipment.
- Unauthorized software can be dangerous malware that can compromise your device or equipment.
- Keep in place a proper internal security and licensing review process that all software installations must go through, to ensure the safety of all company equipment.
Be cautious of spoofed caller IDs.
- When receiving a call, especially one that is unexpected or that asks for personal/payment information (such as a call claiming to be from a bank), tell the caller that you will call them back using a number on file.
- Use an authoritative source such as the number on the back of your credit card, your bank’s website, or an invoice that you know to be accurate.
- Be extra cautious of calls claiming to be from hospitals or law enforcement agencies. As inconceivable as it sounds, some cybercriminals will make fraudulent calls and tell the recipient that their loved ones have been hospitalized and that a payment is needed to perform life-saving treatment; seniors are especially susceptible to this type of scam.
Other Important Tips:
- Make multi-factor authentication (MFA) mandatory.
- Only connect to secure Wi-Fi.
- Monitor and update outdated software and hardware.
- Independently verify the telephone number and location of the business/individual contacting you.
- Request documentation that adequately identifies the parties involved in a communication that requests confidential information.
- Call the business/individual to confirm receipt of a suspicious e-mail.
Together, we can guard against these incursions into our systems and business. Should you have any questions and/or concerns, please do not hesitate to contact Rebar Kelly at (484) 344-5340.