Phishing Scams Continue
John Biglin, CEO | February 9, 2016
In mid-January, I was asked to present at a conference of businesspeople regarding CyberSecurity issues. I usually present at least once per month at meetings and conferences about Cyber issues and best practices for protecting corporate and personal information.
When I speak at conferences, one of the topics I always discuss is phishing – a malicious e-mail sent to someone in an attempt to steal information from the recipient or otherwise negatively affect the recipient or their computer system. I’ve also posted on this blog previously about the risks of phishing.
When I would present similar information two years ago, I would say that more than 70 percent of attendees were unaware of phishing and the various risks associated with it. In my more recent presentations, including this latest one in January with 150 attendees, it seems like over 50 percent of attendees were aware of the concept of phishing scams and 20 percent of them had seen it first-hand.
The Good News:
The Bad News: The reason many people are aware is because they or someone they know
To continue on our quest to spread awareness and recognition of these scams, I’ve created another post about it.
To be clear: phishing scams are currently the most common active threat hitting users personally and at all levels of organizations.
Spear-phishing is similar but more targeted: the e-mails appear to be sent from a particular person that the recipient knows. When this happens, the recipient can sometimes communicate back-and-forth with the scammer because their e-mail address looks legitimate. Every month a company executive or board member mentions a scenario to me whereby their organization was or was almost duped into sending confidential information or wiring money based on what appeared to be legitimate e-mails from scammers. Oftentimes scammers create an e-mail address in which letters of the company domain name are changed and then send their messages to unsuspecting users.
Here are some simple examples:
If the CFO’s real address is firstname.lastname@example.org the scammers create one such as
-email@example.com (a numeric 1 in place of the letter ‘l’)
-firstname.lastname@example.org (’n’ in place
They then send an email to someone who can wire transfer money, such as a Controller or Finance Manager, and they
Ways to protect yourself and your firm:
1 – If possible, never accept a request to wire transfer money without a face-to-face (or video) conversation or a phone call dialed by you to the phone number you know is accurate for the person requesting the wire. Implement this policy in your firm and make everyone aware of it.
2 – If you typically cannot meet with the person face-to-face or by video call, such as in large organizations, set up a code word that is to be used in the authorization step for all wire transfer requests. The code word should be published only to staff involved in wire transfers and it should be changed on a regular basis, but no less than annually.
3 – Ensure that your bank sends an e-mail alert any time a wire transfer is requested, and set up your e-mail software (such as Outlook) with a rule that will automatically display an alert on your screen when a wire transfer happens. Alerts should be sent to more than one person. Even better, send the alerts to your mobile phone(s). My team can show you how to do this.
4 – While many good firewalls can protect your firm’s users by blocking lots of external threats, carefully created phishing emails can often slip past them. We offer clients a content filtering service that
5 – Always try to look at the sender’s e-mail address to see if it truly is accurate. As busy as everyone is, it is easy to miss that.
6 – Remember that high-quality logos from banks,
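The address check in tip 5, applied to the lookalike domains described earlier, can be automated. The following is an added example, not part of the original post: it flags a sender whose domain imitates a trusted one through look-alike characters or a one-letter change. The trusted domain, the substitution table and every sample address are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the firm's real mail domain(s); example.org is a placeholder.
TRUSTED_DOMAINS = {"example.org"}
# Illustrative, non-exhaustive look-alike substitutions (fake -> imitated).
CONFUSABLES = {"1": "l", "0": "o", "5": "s", "rn": "m", "vv": "w"}


def skeleton(domain):
    """Collapse look-alike characters so visually similar domains compare equal."""
    d = domain.lower()
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent letters swapped counts as a single edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def check_sender(from_header):
    """Return 'trusted', 'lookalike:<domain>' or 'external' for a From header."""
    address = parseaddr(from_header)[1]          # drops the display name
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for good in TRUSTED_DOMAINS:
        # Same skeleton = character swap; distance 1 = one typo or transposition.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return f"lookalike:{good}"
    return "external"
```

A "trusted" result only means the domain string matches; it does not prove the message was sent by that domain, so the call-back step in tip 1 still applies.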
User awareness also helps drive down the impact of CyberSecurity scams. To that end, we have created a bi-weekly CyberSecurity TechTip for which you, anyone in your firm, or colleagues at other firms can sign up. We don’t use the CyberSecurity TechTips for any purpose other than to help our clients,