What is Phishing?
The term “Phishing” is likened to “fishing” for confidential information. It is a form of criminal activity designed to steal your valuable personal or financial information electronically through emails, fraudulent websites, social networking websites, instant messaging programs, cell phones, or other mobile devices.
Oftentimes, Phishing scams rely on placing links in email messages, on web sites, or in instant messages that seem to come from a service that you trust, such as your bank. Phishing mail often includes official-looking logos and other identifying information directly from legitimate web sites, or it may include convincing details about your personal information found on a social networking site. The scam artist may place a link or pop-up window in the email that appears to go to the legitimate web site, but actually takes you to a phony scam site.
How can you tell if an Email Message involves Phishing?
Typically, fraudulent emails appear to be coming from legitimate companies. They could warn you of an urgent problem with your account and trick you into clicking on a link that subsequently opens up your computer to hackers. The following are some phrases that are telltale signs of Phishing:
- “Verify your account” – companies should not ask you to send passwords, login names, Social Security Numbers, or other personal information through email. If you receive an email from a company asking you to update your credit card information, do not respond.
- “If you don’t respond within 48 hours, your account will be closed” – these messages are made to seem urgent so that you will respond immediately without thinking. Phishing email might even claim that your response is required because your account might have been compromised.
- “Click the link below to access your account” – once you click on the link, it may take you to a phony site that asks you to complete forms and provide personal information to update your account. You may not be aware of this since the link may carry a logo or appearance similar to that of the legitimate site.
How can I protect myself and my company from Fraud?
Look out for Email Fraud – learn how to identify a Phishing email which may have the following features:
- Generic greetings such as “Dear user” or general information within the email.
- Company logo or other identifying image may be slightly distorted or different from the original company image.
- The links embedded in the email do not match the URL of the legitimate site.
- Email may be threatening, harsh, demanding and scary, forcing the user to comply immediately with the instructions in it.
- An attachment comes with the email asking users to click on it, which will launch a virus or spyware on your computer.
Spot Website Fraud – emails may direct you to a bogus website that is often very convincing. Beware of these telltale features:
- The site threatens to shut down your account unless you verify your personal information.
- The site returns an error message and asks you to log in.
- The URL is not quite right, does not match the bank’s website, or contains transposed letters and/or unrelated symbols such as @ % $.
- The website logo or identifying image is distorted or stretched, indicating that it has been copied and tampered with.
- There are spelling and grammatical errors in the website.
- Telephone numbers on the website differ from the published phone numbers of Bank of the Orient.
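The two link checks listed above (an embedded link that does not match the legitimate site's URL, and a URL containing unrelated symbols such as @ % $) can be automated over the HTML body of a message. The Python below is an added example, not part of the original page; the domains `bank.example`, `bnak.example` and `login.example`, the sample message and the function names are assumptions made up for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def audit_links(html, legit_domain):
    """Return {href: [reasons]} for links that show the warning signs above."""
    parser = _Anchors()
    parser.feed(html)
    findings = {}
    for href, text in parser.links:
        reasons, host = [], _host(href)
        # The link must land on the legitimate domain or one of its subdomains.
        if host != legit_domain and not host.endswith("." + legit_domain):
            reasons.append("destination is not the legitimate site")
        # If the visible text is itself an address, it must name the same host.
        shown = re.search(r"(?:https?://)?[\w.-]+\.[a-z]{2,}\S*", text, re.I)
        if shown and _host(shown.group()) != host:
            reasons.append("displayed address differs from destination")
        # '@' makes everything before it a user name, not the host.
        if any(c in urlsplit(href).netloc for c in "@%$"):
            reasons.append("unrelated symbol in host part of URL")
        if reasons:
            findings[href] = reasons
    return findings

# Constructed sample message body; all domains are placeholders.
SAMPLE = """<p>Dear user, <a href="https://www.bank.example/login">Sign in</a>
<a href="http://bnak.example/verify">https://www.bank.example/verify</a>
<a href="http://www.bank.example@login.example/">Click the link below</a></p>"""

if __name__ == "__main__":
    print(audit_links(SAMPLE, "bank.example"))
```

The first sample link passes; the second is flagged for transposed letters in the host and a displayed address that does not match, and the third because the `@` hides the real destination behind the bank's name.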
Tools for Security
- Use antivirus software on all servers, desktops and laptops. Check for new virus definitions daily and scan your system weekly.
- Stay up to date with software and security patches to protect against intrusions and infections that can lead to the compromise of your computer files or passwords.
- Use a firewall program on every computer and, if possible, install a network firewall. The firewall program will allow you to stop uninvited access to your computer. Not having it will make it easier for hackers to take over your computer, access the personal information stored on it, or use it to commit other crimes.
- Use a virtual private network (VPN) when connecting over a wireless network to prevent hackers from intercepting your data.
- Look for website privacy policies. They should answer questions about maintaining accuracy, access, security and control of personal information collected by the site. They must also state how your information will be used and whether it will be accessed by third parties.
- Delete all personal information from your computers prior to discarding them.
What can I do to enhance my company’s security?
Employee Security – include your employees in creating or modifying your security plan. This will make them feel involved in the process and they are more likely to observe your policies.
- List all the ways your business collects, uses and stores customer and business information.
- List who has access to customer and business information.
- Train everyone on your list to protect sensitive information. Give incentives to employees who alert you to vulnerabilities.
- Keep employees updated on new risks and threats. Conduct periodic training or workshops on security awareness.
- Newly hired employees must undergo background checks, particularly those who will have access to sensitive information within the company.
- Get expert technical help from reputable vendors. Networking is a good way of reaching out to your industry peers for updated information regarding information security.
Workplace Security – always keep your business confidential. This can be achieved by following these simple steps:
- Handle documents with care. Place them out of sight when you are away from your desk. Follow the “clean desk” policy.
- Lock your laptop or desktop PC when away from your desk. Don’t give thieves an open invitation to copy your files or steal your laptop. Store it in a locked cabinet, if necessary.
- Shred all documents that contain confidential and personal information. Do not let dumpster divers turn your trash to cash. If needed, have a destruction company pick up your documents which are kept in locked shred bins for disposal.
- Pick up mail promptly. Do not leave it in overnight pick-up bins for thieves to steal sensitive information.
- Keep your voicemail short. Avoid leaving detailed messages involving sensitive information which may be overheard by a third party at the other end.
Computer Security – follow these basic tips to keep your computer experience secure:
- Protect your personal information. Do not give it to anyone you don’t trust, especially if the request is urgent or threatening.
- Know who you are dealing with. Don’t open unsolicited emails. Do not open attachments from people you do not know. Do not click on pop-ups or other links.
- Always install anti-virus and anti-spyware software. This software is the best way to protect your computer against viruses, worms, and Trojan horses. Keep it updated and scan regularly.
- Use a firewall. You should install a personal firewall on every computer and remote device to block internet intruders.
- Use strong passwords. Use a combination of upper and lower case letters, numbers and symbols. It is recommended that you use a minimum of eight characters.
- To safeguard against fire, flood or other disaster, back up important files. Copy them onto a disk or flash drive and store them in a secure place in a different building. For larger operations, you can contract a vendor to save and store your network files for you.
- Put an action plan in place in the event that a security breach occurs. Scan for viruses and report fraud to the appropriate authorities. Follow your security policy.