28 Jan 2015

Gone Phishing? Get the FAQ’s

0 Comment

It’s when you go an catch a nice big fish, right?

Afraid not, and with phishing you are the “phish” the bad guys want to catch.  Yes phishing is one of the most significant threat vectors or way that the bad guys are focused next to trying to get you to click a bad link in a website. Here we will review some things it is important to know about email based phishing.

Not interested in being caught, what can I do?

Frankly in simple terms it is the old adage, “don’t talk to strangers” taken a few steps further to don’t click anywhere or on anything that is part of a strangers email.

How do I know a friend/customer/vendor from a “stranger”?

First, if it sounds to go to be true, is a pretty simple one.  Next they are getting pretty sophisticate and will attempt to pass themselves off as someone you trust be it a person or a company like your bank, etc.

Why isn’t our SPAM filter catching this?

Great question and the answer goes to the fact that these folks are smart and use many tricks to bypass the very sophisticated filters that are typically in place.  Further only relying on them is always dangerous as you might miss an important email etc,

What are concrete things I can do to protect myself?

Here are 8 straight forward steps that will help reduce your risks:

  1. Always be very wary of emails asking for confidential/private information, particularly information of a financial nature. Legitimate entities should never ask for sensitive information via email, and most financial institutes will not ask for your information unless you are the one contacting them.
  2. Never allow anyone to pressure you into providing sensitive information. The bad guys often use scare tactics, and may threaten to disable  or delay services until you update your information. Always contact the organization by phone to confirm the authenticity of their request.
  3. Please keep in mind that most of the spam you receive, in addition to potentially dangerous phishing emails, is coming to you because you have signed up on a website that has sold your email address to another company. Please keep this in mind when you give your information to any website.
  4. Keep an eye out for generic-looking requests for information. “Bad” emails are often not personalized, while “Good” emails from your financial institution often at minimum reference an account you have with them. Most phishing emails start with “Dear Sir/Madam”, and often show to be from a bank with which you don’t even have an account.
  5. Never submit confidential information via forms embedded within email messages. Senders are often able to track all information entered.
  6. Never use links in an email to connect to a website unless you are absolutely sure they are legitimate. Instead, open a new browser window and type the URL directly into the address bar. Often a phishing website will look identical to the original, look carefully at the address bar to make sure that this is the case.
  7. Make sure you maintain effective and frequently updated software to combat phishing. At YanceyWorks, we use several tools including Norton™ Internet Security to automatically detect and block fake websites. It also authenticates major banking and shopping sites.
  8. When in doubt give us a call or forward your email to our support team so we can check it out for you.
About the Author

For over 20 years I have enjoyed being a part of making my clients digital world something they have to worry less about.

Leave a Reply

Your email address will not be published. Required fields are marked *