Scam Of The Week: Phishing Moves To SmishingAlert your users...
Hi Robert,Internet bad guys are increasingly trying to circumvent your spam filters and instead are targeting your users directly through their smartphone with Smishing attacks, which are hard to stop.The practice has been around for a few years, but current new scams are mystery shopping invitations that start with a text, social engineering the victim to send an email to the scammers, and then get roped into a shopping fraud.These types of smishing attacks are also more and more used for Identity theft, bank account take-overs, or pressure employees into giving out personal or company confidential information. Fortune magazine has a new article about this, and they lead with a video made by USA Today which is great to send to your users as a reminder.I suggest you send employees, friends and family an email about this Scam Of The Week, feel free to copy/paste/edit:"Bad guys are increasingly targeting you through your smartphone. They send texts that trick you into doing something against your own best interest. At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam.Always, when you get a text, remember to "Think Before You Tap", because more and more, texts are used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information. Here is a short video made by USA Today that shows how this works: https://www.youtube.com/watch?v=ffck9C4vqEMObviously, an end-user who was trained to spot social engineering red flags (PDF) would think twice before falling for these scams. The link goes to a complimentary job aid that you can print out and pin to your wall. Feel free to distribute this PDF to as many people as you can.Let's stay safe out there,Warm regards,Stu SjouwermanFounder and CEO, KnowBe4, Inc.
Technology companies come and go, but Bit by Bit backs its service with 30 years of experience helping businesses achieve their goals with reliable IT solutions and support. We were established in 1987 as a database application development and networking company, and since then we’ve evolved into a full-service IT firm and leader in delivering powerful and cost-effective technology solutions. visit our site at www.bitxbit.com
Friday, July 21, 2017
Monday, July 10, 2017
What is Spear Phishing and How Can You Stop It
If you have spent any time online, you
have probably seen your fair share of fraudulent emails. From free offers on
the latest wonder drug to information about the newest miracle diet, these emailed
come-ons are everywhere, and clicking on them could compromise your security,
or even your identity.
These phishing attacks have been around
for quite some time, so long that many users have learned how to tune them out.
With so many online users deleting, or simply ignoring, these run-of-the-mill
phishing emails, scam artists have ramped up their efforts even more, and the
result is an emerging threat called spear phishing.
As the name implies, spear phishing is a
form of phishing attack, but it is highly targeted and can be much harder to
detect. Instead of sending out millions of identical emails touting the latest
miracle diet, spear phishing attacks target a much smaller audience.
Using emails that appear to come from a
reputable source, like an employer or trusted friend, these spear phishing
attacks seek to evade spam filters and jaded internet users alike. Even savvy
computer users have been fooled, and if you do not know what to look for, you
could be the next victim.
One of the things that distinguishes spear
phishing from its less sophisticated counterpart is its level of
personalization. Instead of the standard Dear Sir or Dear Madam, the scammer on
the other end of the spear phishing attack calls you by name. The attacker may
even know where you work, or the names of people in your network.
That personalization can throw even the
sophisticated user off guard and cause them to lay down their defenses. That is
why it is so important to review any incoming messages carefully, looking for
signs that the person or organization on the other end is not who they claim to
be.
From obvious mistakes like spelling errors
and grammatical problems to company logos that just do not look right, there
are a number of things to watch out for. Users should also be wary if the
message asks for personal information like account numbers of Social Security
numbers - these are things that should never be sent via email.
Last but not least, if you have even the
slightest suspicion that a genuine-looking email is actually a spear phishing
attack, contact the supposed sender to verify its authenticity. You can never
be too careful in this world of rampant identity theft, ransomware attacks and
other online dangers.
As with any online threat, prevention is
the best defense. Spear phishing scams often use the information people post
online against them, creating convincing messages that can fool even the most
vigilant. If you want to protect yourself, take a few minutes to review your
online presence, including information you have already shared. Sharing your
email address, or the email addresses of friends and family, online can be
quite dangerous, as can revealing personal details, like pet names, birthdates
and the names of your children. Since these details are often used as challenge
questions and in online profiles, sharing them on social media could put you at
risk and open you up to the threat of spear phishing.
Spear phishing is not going away any time
soon, and the best defenses are vigilance and common sense. Be wary of requests
coming in through email, watch what you share and trust your intuition. Think
before you click, and use your own common sense to protect yourself, your
identity and your data.
Robert Blake
www.bitxbit.com
800.860.5831 x190
Subscribe to:
Posts (Atom)
-
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831
-
What is SOC-as-a-Service? By Robert Blake Having a Security Operations Center (SOC) in-house is expensive for the average business. Large ...
-
In an era dominated by technology and interconnectedness, the importance of cybersecurity cannot be overstated. With the ever-evolving lands...