Phishing: Constant Vigilance

21/11/2018

By: Chris Mermigas, Senior Corporate Counsel, USA Region 

Valid’s different business offerings focus on the secure side of innovation, whether it be protecting the identity on a credit card or driver’s license or protecting our clients’ confidential information. In this digital age, a thief is no longer dropping in from the ventilation system to steal files from computers. The thief now manipulates a keyboard or phone from anywhere in the world, impersonating your boss, a CEO, a customer, your bank or even a government agent. Such fraudulent identities assumed in emails, sent from seemingly respectable companies or individuals, target unsuspecting users in order to solicit personal and confidential information, or money. This dangerous, widespread practice is known as “phishing.” The two most prevalent forms of phishing in a corporate setting are (1) impersonating a corporate executive asking for gift cards, banking information and/or confidential information, and (2) impersonating a reputable company with a hyperlink that, when clicked on, exposes the computer to malicious software and/or unauthorized access.

The first type of phishing – a corporate executive asking for gift cards, banking information and/or confidential information – can be difficult to question but easy to identify. Examples of this type of phishing include but are not limited to:

  • An email from a corporate executive requesting gift cards to be mailed to an unknown location or texted to an unknown phone number.
  • An email from a colleague asking you for product samples to be sent to an unknown business or address.
  • An email from a corporate executive or an employee requesting banking information.
  • An email from a corporate executive requesting a wire transfer.
  • More prevalent in a personal setting than in a corporate setting: A phone call from the IRS stating that a warrant has been issued against you or a case is about to be filed against you.

These are only a few of the devious ways in which this type of phishing can occur. Sometimes the phishing attempt can be difficult to identify or risky to question. It is not easy for anyone to question a request from a corporate executive or a government agent. However, it is essential that you question anything that looks or sounds wrong, confirm the identity of the contact, and not be afraid to ask your legal or IT department for assistance.

The second type of phishing – impersonating a reputable company with a malicious hyperlink – can jeopardize the company’s security with a simple click of your mouse. Everyone knows not to take candy from strangers, but in this digital age, never click on links unless you are 100% certain they are safe. Examples of this type of hyperlink phishing include, but are not limited to:

  • A file sharing email asking you to view or review a document.
  • An email requesting the user to view a news story or item.
  • An email that appears similar to a corporate Human Resources system.
  • An email that appears to originate from your bank or credit card company.

Again, these are only a few of the countless variations of deceptive emails that trick the user into clicking on a link that contains malware or redirects the user to a page that requires them to input private, confidential or login information.

There are many ways for a cyber-criminal to breach a secure network or steal information, and there is no foolproof defense to prevent it. There is no guarantee that the corporate IT department can block all the phishing emails, or that your email system will flag them as spam. The best defense is constant vigilance, which should include consistently doing the following:

  1. Do not click on links or attachments from senders you do not recognize.
  2. Be especially cautious when opening attachments or clicking on links from sources outside the company.
  3. Scrutinize sender email addresses, looking for suspicious or misleading domain names.
  4. Do not provide sensitive personal information in emails (such as usernames and passwords).
  5. Hold your computer cursor over a link to inspect the web address/URL and check that it is legitimate and not an imposter site.
  6. Do not try to open a shared document that you are not expecting to receive.
  7. If you receive an email that does not look right, or if you are unsure of an email’s legitimacy, DO NOT RESPOND. Instead, call the sender on the phone to verify the email or contact your IT Department to investigate.
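
Items 3 and 5 of the checklist can also be checked automatically on the receiving side. The following is an added example, not part of the original article: it flags a sender domain that closely resembles a trusted one and links whose visible text names a different host than the one they open. The domain `example.com`, the similarity cutoff and all function names are assumptions for illustration.

```python
import difflib
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"example.com"}  # assumption: the organisation's own mail domains

def host_of(text):
    """Hostname named by a URL or bare domain, or None for ordinary words."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    return urlparse(text if "://" in text else "//" + text).hostname

class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None

def mismatched_links(html):
    """(shown host, real host) for links whose text names a different site."""
    audit = LinkAudit()
    audit.feed(html)
    pairs = [(host_of(text), host_of(href)) for text, href in audit.links]
    return [(s, a) for s, a in pairs if s and a and s != a]

def lookalike_sender(from_header, trusted=TRUSTED, cutoff=0.85):
    """Trusted domain the sender's domain imitates without matching, else None."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in trusted:
        return None
    close = difflib.get_close_matches(domain, sorted(trusted), n=1, cutoff=cutoff)
    return close[0] if close else None

# Constructed sample values, not taken from any real message.
SAMPLE_FROM = "Chief Executive <ceo@examp1e.com>"
SAMPLE_HTML = ('<p>Please review: <a href="http://files.example.net/doc">'
               'https://portal.example.com/doc</a></p>')
```

A hit from either function is a reason to verify the message by phone or through the IT department, as item 7 describes; a clean result does not prove the message is safe.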

Phishing has been a serious, constant cyber threat for both personal and corporate systems for many years, and the threat is not abating anytime soon. Moreover, people who phish find devious and nefarious ways to trick people into falling for their scams. It is important to be vigilant and to be mindful about not clicking on unknown links. No one should ever request personal information, usernames, passwords, bank information or money from you via email.