Monday, March 11, 2024

Is That Really You?

The continuing phishing and ransomware attacks make you stop and ask the question: “Is that Really You?” How do you know who is making the request, asking for money, sending you a link to update your information or asking you to reset your password?

Before we dive into this topic, I’d like to thank our Team for keeping our plan of action updated to protect organizations and keep their businesses up and running. The AlphaKORians ROCK and were recently named Tech Company of the Year! We are humbled to be recognized and proud to be many organizations' Trusted IT Advisor.

Beware Of Ransomware

Ransomware is an attack in which your computer systems are hijacked and you are locked out. You have to pay thousands of dollars to unlock your data. Back up your data, and check and test your back-ups on a regular basis. If you are hijacked, call your IT Trusted Advisor for help before doing anything else.

The advice we have been giving all along is to be extremely suspicious of all e-mails received, particularly those that ask you to open attached documents or click on Web links. For a Web link, right-click on it to check what address comes up. You may find it actually points to another site. Do not click on it!

Password Breaches

Let’s use a bank as a scenario. First off, no bank will send you an e-mail asking you to reset your password or advising you of a breach on your account or your debit/credit card. Banks, like many organizations, will call you when such an incident occurs. Is it really them calling? (That is a topic for another day.) Call your bank directly, or call the number on your debit/credit card, to verify whether there was in fact a breach.

For argument's sake, let's say we believe the e-mail with the breach and the link to update your bank information is legitimate. Now what? Don’t click on the link. Let me repeat that: Don’t click on the link. Go to your bank's secure login website, enter your credentials and see for yourself if all is in good working order. It is important not to click on the link or cut and paste it into your browser. Type the website address in a new browser just to be safe.

Have You Been Spoofed?

The other occurrence we see is Identity Theft or Spoofing of an e-mail account. We have worked with some organizations that thought they were dealing with an owner, manager, co-worker or trusted person when in fact it was a complete stranger posing as the trusted person. How is this possible?

When you hit Reply, check the e-mail address you are replying to. The message was sent by “Frank Abbruzzese”, a person you know and trust. However, when you hit Reply, it may show something like this:

Frank Abbruzzese (someguypretending@somewhere.com). Don’t laugh! This is actually happening, albeit not as obviously as the alias I used to get my point across. If you still feel this is a legitimate address for this person (maybe it’s their personal e-mail account), you can start a new e-mail and send it to them to say you received an e-mail asking you to wire them money, or you can call/text the person.

Let's Go Phishing

This is common when people are travelling: a message is sent saying something to the effect of “I’ve run into some trouble on this trip while on vacation and need $10 000 wired to my personal bank account.” If it is urgent, out of the ordinary, too good to be true or just does not seem right, stop and question it.

Yes, this is actually happening. Unfortunately, we have assisted some who did this with even higher amounts of money. During our investigation, we ask a lot of questions. Most of the time, the person who wired the money replies that they thought it was a strange request and that, no, the person does not normally ask for money, but they are an owner, so it was sent to their bank account. When we drill down, we find out it was an alias e-mail account and the money was sent offshore. That money is long gone and you are not going to get it back.

Go Slow To Go Fast

My words of advice: slow down, read what you are being requested to do, and look at what the link actually shows. Right-click it and see if it makes sense or not. If it does not make sense, question it and do not proceed. Check who you are replying to by reading the full name as illustrated above. Pick up the phone and call the person directly to ask if they sent it.

Protect yourself, your data and your organization by keeping your cyber tools and strategy updated. Work together with your IT Team and your IT Trusted Advisor to ensure your organization keeps its cybersecurity strategy updated.

(Originally published on 05.18.22)
