Franchise Update Media
Phishing - Don't Get Hooked!: The Basics on Avoiding this Old-School Scam

Phishing may be old news, but it still works. Ongoing training about phishing scams is essential for anyone who uses your system. It doesn't matter if you have the most secure system in the world. It only takes one untrained employee to be fooled by a phishing attack and give away the data you've worked so hard to protect.

As part of your security awareness program (PCI requirement 12.6.1), your personnel should be trained at least annually on phishing. I recommend sending monthly memos, or displaying a poster outlining the telltale signs of a phishing attempt. (You can also hang this article in your break room!)

Phishing remains a lucrative criminal profession in our email-packed world. Hackers send out more than 150 million fraudulent emails daily, hoping just a few recipients will click on attached links, documents, or pictures (80,000 people fall victim to these scams each day).

The hackers' goal is to convince recipients to willingly provide Social Security numbers, passwords, banking numbers, PINs, and credit card numbers. Once the malevolent link is opened, hackers create new user credentials or install malware into your system to steal sensitive data. But there are ways to defend against phishing emails.

Phishing has many different forms. Sometimes cybercriminals trick recipients into opening an attachment that loads harmful malware onto their system. Other times, they trick recipients into providing sensitive personal information directly through bogus online web forms. The most successful phishing emails (because they look legitimate) appear as though they originated from reputable companies like Best Buy, Amazon, USPS, DHL, and PayPal. Here are some very tricky phishing scenarios I've seen in my own email.

  • Your friend sends you an email telling you he's in a foreign country and desperately needs money. Your friend's email contact list was probably hijacked.
  •  An online retailer emails you to let you know an item you purchased online cannot be shipped because your credit card has expired, or your billing address isn't correct, etc. If you click on the provided link, it takes you to a spoofed website and asks for updated payment/shipping information.
  •  The IRS emails you to let you know you are eligible to receive a tax refund. It then asks you to submit a tax refund request or tax form. The IRS would never require you to send your tax form by email.
  •  Your bank is conducting a routine security procedure and asks you to verify your account by emailing them back with your information. This scam is especially effective if you happen to be a customer of the particular bank portrayed in the email.

It's often difficult to distinguish a fake email from a real one. However, most fakes have subtle "phishy" hints. Here are some ways to recognize a phishing email:

  •  Requests sensitive information. Chances are if you receive an unsolicited email from an organization that provides a link and asks you to provide sensitive information, it's a scam.
  •  Odd domain names. Don't just check the name of the person sending you the email. Check their email address by hovering your mouse over the "From" address. Make sure no alterations (like additional numbers or letters) have been made. For example: michelle@paypal.com vs. michelle@paypal2.com.
  •  Grammatical errors. Possibly the easiest way to recognize a "scammy" email is bad grammar. An email from a legitimate organization usually is well written.
  •  Unsolicited attachments. Typically, authentic institutions don't send you attachments, but instead direct you to download documents or files from their own website. High-risk attachment file types include .exe, .scr, and .zip.
  •  Links don't match URLs. Just because a link says it's going to send you to one place, it doesn't mean it will. If the link text isn't identical to the URL displayed as the cursor hovers over it, that's a good sign you will be taken to a site you don't want to visit.
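
Three of the signs above (odd sender domains, high-risk attachment types, and links whose visible text names a different site than their target) can also be checked automatically, for example in a mail-triage script. The following is an added example, not part of the original article; `check_email`, `host_of`, `LinkCollector` and the `trusted_domains` allow-list are hypothetical names, and it assumes the From header, HTML body and attachment file names have already been extracted from the message.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser

HIGH_RISK_EXT = (".exe", ".scr", ".zip")  # attachment types the article names
URLISH = re.compile(r"(?:[a-z][a-z0-9+.-]*://)?(?:[^/?#@]*@)?(?:www\.)?"
                    r"([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?::\d+)?(?:[/?#]|$)")

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def host_of(value):  # host of an href, or of link text that looks like a URL; else ""
    m = URLISH.match(value.strip().lower())
    return m.group(1) if m else ""

def check_email(sender, html_body, attachment_names, trusted_domains):
    """Check three of the article's signs; trusted_domains is an assumed allow-list."""
    domain = parseaddr(sender)[1].lower().rpartition("@")[2]
    findings = [f"odd sender domain: {domain}" for good in trusted_domains
                if good.split(".")[0] in domain and domain != good
                and not domain.endswith("." + good)]
    findings += [f"high-risk attachment: {n}" for n in attachment_names
                 if n.lower().endswith(HIGH_RISK_EXT)]
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        shown, real = host_of(text), host_of(href)
        # compare only when the visible text itself ends like a domain name
        if shown[-1:].isalpha() and real and shown != real:
            findings.append(f"link shows {shown} but goes to {real}")
    return findings

# Constructed sample values, not a real phishing email.
SAMPLE = dict(sender="Michelle <michelle@paypal2.com>", attachment_names=["invoice.scr"],
              html_body='<a href="http://login.example.net/verify">www.paypal.com</a>')
if __name__ == "__main__":
    print("\n".join(check_email(trusted_domains=["paypal.com"], **SAMPLE)))
```

Links whose text is ordinary wording ("Click here") are not compared, so this complements the hover check rather than replacing it.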

If you get a phishing email

  •  Don't click on any links, open attachments, or expand any included pictures.
  •  Don't reply to the sender.
  •  Forward the e-mail to the FTC at spam@uce.gov.
  •  Delete the email from your computer.
  •  If you do legitimate business with a company mentioned in the phishing email, call them on their nationally published telephone line and ask if they would like you to forward the email so they can take further action.
  •  If the email appears to originate from one of your credit card companies, call the telephone number on the back of your credit card--not a phone number listed in the email. Their customer service agent will be able to tell you whether or not the email was legitimate.

David Ellis is the director of forensics investigations at SecurityMetrics and has more than 25 years of security experience. SecurityMetrics is a data security and compliance company offering security consulting, products, and services for businesses worldwide. For more information, visit securitymetrics.com or call 801-995-6858.
