Evette Collins, Raffa Technology
No one is immune to the seemingly endless barrage of phishing e-mails that greet us in our e-mail inboxes daily. Great spam filters, firewalls and multi-million dollar internet providers cannot provide complete protection to keep the flood of phishing scams at bay. How can we keep the cartels of sharks under control?
A little over a month ago, an e-mail arrived from PayPal that said I needed to log in to claim a recent payment. The timing was perfect, as I had recently sold something on eBay. I opened the e-mail and moved my mouse to click on the link. Just in time, my paranoia kicked in. I thought for a moment, and remembered that when buyers pay, PayPal receives payment and notifies me. I do not have to click on anything. The timing of the phishing e-mail almost got me. I deleted the e-mail.
We all have examples of how we we took the bait, or came close to biting on an e-mail that read like a legitimate notice. It could have been from your bank to log in and verify your account, or a tempting offer to click and gain some sort of reward or compensation. Phishing scams are seemingly everywhere. According to a recent report, phishing increased 74 percent in the second quarter of 2015, over the same period a year ago. This is a staggering increase.
The best way to avoid being phished is to apply paranoia-like skepticism to all incoming e-mails and internet offerings. Michelle Couture, Product Manager for Intermedia, shared her best practice tips to avoid being fished on their blog recently:
- Be aware of email requests with high urgency that ask you to take quick action. Phishers often prey on employee trust and will imitate executives to get you to comply with high urgency actions like wiring large amounts of money ASAP. Or in my case, losing my matching benefits if I didn’t immediately comply. As a rule of thumb, if you are ever in doubt, double-check the request with the sender either by phone or by composing a new email—never reply to the email itself.
- Never give sensitive personal or financial information over email. Trusted parties will never ask you for personal or financial information through email (e.g., social security numbers, account numbers, credit card numbers, passwords, etc.). Be cautious of emails that ask you to call a phone number to update your account information as well.
- If an offer seems too good to be true, it probably is. Offers of big bonuses, large payments or gifts (e.g., win a free iPad) are ways attackers try to get inside your head. If the promise is “too good to be true,” do some research into the individual or company before taking action.
- Think about whether you initiated the action. Phishers will try to spoof well-known companies to have you reset your password, update your account or track a shipment. Always be suspicious of unsolicited email, if you didn’t prompt a password reset — don’t click the link.
To learn more about phishing and other common technology scams, attend our upcoming Raffa Learning Community seminar, IT Security – What You Need to Know on January 26th.