Phishing Scams Continue
John Biglin, CEO | February 9, 2016
In mid-January, I was asked to present at a conference of businesspeople regarding CyberSecurity issues. I usually present at least once per month at meetings and conferences about Cyber issues and best practices for protecting corporate and personal information.
When I speak at conferences, one of the topics I always discuss is phishing – a malicious e-mail sent to someone in an attempt to steal information from the recipient or otherwise negatively affect the recipient or their computer system. I’ve also posted on this blog previously about the risks of phishing.
When I would present similar information two years ago, I would say that more than 70 percent of attendees were unaware of phishing and the various risks associated with it. In my more recent presentations, including this latest one in January with 150 attendees, it seems like over 50 percent of attendees were aware of the concept of phishing scams and 20 percent of them had seen it first-hand.
The Good News:
The Bad News: The reason many people are aware is because they or someone they know
To continue on our quest to spread awareness and recognition of these scams, I’ve created another post about it.
To be clear: phishing scams are currently the most common active threat hitting users personally and at all levels of organizations.
Spear-phishing is similar but more targeted: the e-mails appear to be sent from a particular person that the recipient knows. When this happens, the recipient can sometimes communicate back-and-forth with the scammer because their e-mail address looks legitimate. Every month a company executive or board member mentions a scenario to me whereby their organization was or was almost duped into sending confidential information or wiring money based on what appeared to be legitimate e-mails from scammers. Often, scammers create an e-mail address but change the letters of the company domain name and then send their messages to unsuspecting users.
Here are some simple examples:
If the CFO’s real address is email@example.com the scammers create one such as
-firstname.lastname@example.org (a numeric 1 in place of the letter ‘l’)
-email@example.com (’n’ in place
They then send an email to someone who can wire transfer money, such as a Controller or Finance Manager, and they
Ways to protect yourself and your firm:
1 – If possible, never accept a request to wire transfer money without a face-to-face (or video) conversation or a phone call dialed by you to the phone number you know is accurate for the person requesting the wire. Implement this policy in your firm and make everyone aware of it.
2 – If you typically cannot meet with the person face-to-face or by video call, such as in large organizations, set up a code word that is to be used in the authorization step for all wire transfer requests. The code word should be published only to staff involved in wire transfers and it should be changed on a regular basis, but no less than annually.
3 – Ensure that your bank sends an e-mail alert anytime a wire transfer is requested, and set up your e-mail software (such as Outlook) with a rule that will automatically display an alert on your screen when a wire transfer happens. Alerts should be sent to more than one person. Even better, send the alerts to your mobile phone(s). My team can show you how to do this.
4 – While many good firewalls can protect your firm’s users by blocking lots of external threats, carefully created phishing emails can often slip past them. We offer clients a content filtering service that
5 – Always try to look at the sender’s e-mail address to see if it truly is accurate. As busy as everyone is, it is easy to miss that.
6 – Remember that high-quality logos from banks,
User awareness also helps drive down the impact of CyberSecurity scams. To that end, we have created a bi-weekly CyberSecurity TechTip for which you, anyone in your firm, or colleagues at other firms can sign up. We don’t use the CyberSecurity TechTips for any purpose other than to help our clients,