Around the holidays, even throughout January – and most certainly during the thick of tax season – you may see an uptick in phishing attempts with scammers spoofing (pretending) to look like colleagues, friends, family. The Federal Bureau of Investigation (FBI) in recent months released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use a victim’s credentials to replace legitimate direct deposit information with their own account details. Some email phishers will not focus on pay scams, rather they will talk about wire transfers or even gift cards.
If you see anything phishy, CompuData’s email security team advises you to first call or text the person who requested any information from you – just to rule out the chance that the email was (it probably was not) legitimate. Additionally, here are some ways to prevent these attacks, keeping in mind that it is vital to educate your staff on how to detect phishing attempts. All email users should be educated on how to spot these attacks.
- Keep an eye out for unexpected attachments – if you get an email about a scan or invoice you don’t recognize, it may be malicious. Be careful of unknown senders – if the email is sent from an unrecognized or unprompted account, don’t open any attachments or click on any links.
- Be wary of emails asking for confidential information – especially information of a financial nature. Most organizations will never (N-E-V-E-R) request sensitive information via email, and most banks will tell you that they won’t ask for your information unless you’re the one contacting them.
- Don’t get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly via phone to confirm the authenticity of their request.
- Watch out for generic-looking requests for information. Fraudulent emails are often not personalized, while authentic emails from your bank often reference an account you have with them. Some phishing emails begin with Dear Sir/Madam, and some come from a bank with which you do not even have an account. One type of attack (called spear-phishing) will request a wire or money transfer sent immediately. Always follow up with a phone call (even if the sender is familiar) if they are asking for any type of money transfer or financial information.
- Never submit confidential information via forms embedded within email messages. Senders are often able to track all information entered. While you’re at it, never click on links in an email to connect to a website unless you are absolutely sure they are authentic. The links may show the text of a legitimate website, but may point to a malicious one. Hover over links to make sure they are real before you click on them.
- Get Help! If you are ever unsure of an email or attachment, you should call CompuData and ask a technician for assistance! We can help identify if it’s Phishing Attempts.
CompuData’s IT support plans give you peace of mind in knowing that, no matter what your IT threats may be, you have an award-winning IT team behind you. Get access to remote Help Desk support, infrastructure management, firewall and virus protection, WAN/LAN health monitoring, a fully secure virtual environment, disaster recovery, scheduled on-site support and more – all focused on keeping your data safe, secure and accessible 24/7.