Blog

Little Phish in a Big Scheme

Apr 11

Written by:
4/11/2011 12:58 PM

As a follow-up to last week’s article on the recent Epsilon breach, we want to spend a little time on the real potential threat: financial phishing and spearphishing attacks.

 

Let’s call that last article “Sit Tight and Don’t Panic.” And let’s call this one “Be Smart and Do Your Homework.”

 

By homework, we simply mean doing a little extra checking before you hand over sensitive information in response to an email. Things like your credit card number, social security number and bank account number are the kinds of information that you should guard at all costs, because social engineers can quickly ruin your life with access to one or more of them.

 

Think about it this way. Imagine if a bum off the street ran up to you and said “Hey! I’m in a position to give you a whole bunch of money if you will just tell me your bank account number!” Would you enthusiastically hand over your wallet?

 

Well, of course not.

 

Now let’s assume it wasn’t a bum. This time, it’s a clean-shaven man in a nice suit, who just happens to be wearing a nametag from your bank. Now what do you do?

 

Assuming you are like most people, you would still run the other way. No matter how official he may look, the man is a stranger and worth checking out before engaging in any exchange of information.

 

And emails are the same. They can be dressed up or dressed down. They can be very urgent or casual in tone. And they often look very official with approved logos and embedded links that mimic real websites. Just remember: the person behind that email is a stranger and needs to be checked out first.

 

So here are some tips to avoid falling prey to a phishing or spearphishing scam:

 

1)   Be skeptical of all emails. Remember: stranger danger!

 

2)   Be wary of attachments. If you weren’t expecting an email from this person with an attached document, then just don’t open it.

 

3)   Ignore commands and requests for action. No matter how urgent they may seem, disregard any request to provide information immediately until you’ve checked everything out.

 

4)   Check out the link. Almost all phishing/spearphishing emails try to get you to click on a link—so just take a gander at the link’s true destination by mousing over it.

 

5)   Use the phone. Try contacting the sender by telephone. If the email is from your “bank,” then you should be able to get the truth pretty quickly. And if you cannot get in touch with the sender, then delete the email and forget about it.

 

Remember: a legitimate business or financial institution should never ask you to provide sensitive information through email. So slow down, take a deep breath, and think about what you are doing before you offer it up to a social engineer on a silver platter.

 

Read more here:

http://www.cio.com/article/679218/Five_Tips_to_Avoid_Getting_Phished?page=1&taxonomyId=3090

 
