Fishing or Phishing? Stay Email Vigilant

Today everyone is on edge regarding online safety, email security and internet protections. There are so many levels of intrusions and situations it’s hard even for technical industries to keep up. We wanted to share a few basic definitions and some real-life situations to be aware of, so your business, staff, and families stay safe online.

  • Spam: Usually defined as an unsolicited, bulk, commercial email. Spam is from someone trying to sell you something. The most common types of spam are healthcare and dating. Spammers are attempting to obtain personal information from a victim. The terms junk mail and spam have become somewhat interchangeable.
  • Phishing: Tricking individuals to disclose personal information or take a dangerous action, such as opening an infected attachment or visiting a compromised website.
  • Spear Phishing: When a probe for information is a ‘targeted’ attack on a specific individual. The attacker has researched the target which leads to a more successful attack.
  • Spoofing: Tricking or deceiving you or your system by hiding the sender’s identity or faking the identity of another user.

Beware! Shared client stories

  1. Several Howard Tech clients have reported receiving emails that ask for personal information and are personal in nature (e.g., user name, password, house address). The sender appears to know some details about you and demands money in return for not posting suggestive data or pornographic clips. DO NOT RESPOND! Report the email as spam using “Report Manager” tool and delete.
  2. There have been cases of other emails that look like a typical internal office email. These are senders impersonating a staff member who send another staff member a request to ‘wire money’, purchase gift cards, or access webmail accounts. Hackers can find out who company decision makers or financial officers are via websites, and they use this to personalize the email. If an email is ever asking for money, use caution and be diligent in verifying the request off-line. Do this by talking to the office mate in person, calling the assumed ‘sender’, texting them, or creating a new email message. If you respond to the original email, it will reply back to the false address (so of course they’ll say ‘Yes! Send the money’).
  3. Even staff at Howard Tech receive fraudulent emails. Most recently these emails include attachments that are outside their specific job duties. For example, the email was from Accounts Payable asking to ‘confirm aging payables’ or ‘open outstanding invoices’. Again, do not open the attachment but verify the validity beforehand. Check the sender’s email and grammar usage. If it doesn’t seem right, then don’t respond. The emails and attachments are most likely spam.
  4. Security breaches have included large corporations like Jersey Mike’s, Target and LinkedIn. Basically, cyber attackers gain access to your personal information through a company’s system. You can never be too safe with your access and information. Keep your account passwords safe and change them frequently. Howard Tech has been educating clients about the dangers of the Dark Web and tools we can use to see if your information has been compromised.

    Sample of spam email received

     

Protect yourself and your business and always verify the request before doing anything.

What you can do

We’ve shared before about smart email habits; however, it takes several times and different ways for people to really get it. Gauge each uncertain email with some basic questions:

  • Who is this person sending me the email? Check the email address to see if it’s a legitimate email.
  • Do I know the sender? Does the message sound like them or how you usually interact?
  • Are there typos in the email? Hover over the URL and see if the hyperlinked address matches the displayed address – if they don’t match it’s probably fraudulent.
  • Is there access the sender has to my business/personal email contacts?
  • What ‘task’ are you being asked to do? It is a normal operation?
  • If being asked to do something, confirm the request. Follow up separately phone call, face-to-face conversation, text or create new email) to the known person/sender in the email to confirm the information.
  • Do not click on links or open attachments unless you are certain they are from a valid source.
  • Be judicious with your passwords! Change frequently and maintain security.
  • Keep up with the latest security measures and update your antivirus software.

When all else fails, reach out to Howard Tech Advisors and we will do our best to help. Educate your employees so everyone makes smart and safe decisions online. Howard Tech can show you a security awareness tool, KnowBe4, that could benefit your business and everyone on your team.

HOWARD TECH ADVISORS: YOUR PARTNER IN TECH

At Howard Tech Advisors, we manage your IT infrastructure so that you don’t have to. Whether you need assistance creating a disaster recovery plan or you’d like to outsource your IT needs, we can help! Keep up with our weekly blog to stay up-to-date on the latest tech trends, security information you need to know to stay safe online, and tips and tricks to effectively navigating an increasingly mobile world.

Don’t forget to check us out on FacebookTwitter, and LinkedIn too.

About The Author

Paul Glagola

Paul Glagola

Paul joined Howard Tech in 2018, bringing over 20 years of technology, business development and team-building experience. Prior to HTA, Paul spent almost 18 years with Columbia-based JPB Partners as Vice President of Technology and led the technology efforts of private equity investments for JPB. Paul earned his BS in Mechanical Engineering from the University of Virginia and his MBA from the RH Smith School at the University of Maryland. Paul grew up in Frederick County, and moved to Howard County in 1998. He currently resides in Ellicott City with his wife and 3 kids, and remains involved in youth sports.


This entry was posted on Tuesday, November 27th, 2018 at 10:13 am. Both comments and pings are currently closed.

Comments are closed.