We recently had a user who was informed by email of a problem discovered on their computer and asked to call “Microsoft” at a provided telephone number to correct the issue. Once connected to the fraudster on the other end of the line, they were asked to supply information about their system and set up a remote session so the problem could be addressed. After access was gained, all sensitive information was stripped off the computer: bank accounts, credit card information, social security number, contact file, etc.
The most common response we have received from victims over the years, after they realize they’ve opened an infected email, is, “I thought it didn’t look right… but I was busy… not really paying attention”.
The importance of staying attentive while reviewing your emails cannot be overstated. If you get an email with the subject line ‘account needs attention’ from a bank, or any other common organization, the first question to ask yourself is whether you have an ongoing relationship with the sender. If the subject is ‘regarding your recent shipment’ from FedEx or another carrier, question whether you even have an active shipment. If the subject line is ‘send a payment to (a known vendor)’, sent from a familiar email address like your boss’s and telling you to forward an ACH payment, ask yourself whether this is usual and customary. If such requests are common in your operations, implement verification policies for all payment directives or sensitive data requests.
Typically, this form of ‘phishing’ asks you to ‘click’ on a link to get more information, or to contact someone at a supplied telephone number to resolve the problem… DON’T!
Be aware… think before acting… or, more commonly, reacting!
What can you do?
You can right-click on the sender’s email address and, under Properties, find the actual address of the sender. In Outlook, right-click on the unopened email and look under Message Options for the actual header listings of the email. Are they reflective of the apparent sender?
Also, contact the sender you believe the email to be from directly, not through a number provided in the email, and ask if they have recently sent out an email regarding your account, computer, shipment, etc. Chances are you’ll hear, “we never send out emails of that nature”.
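The header comparison described above can also be done programmatically on a saved message. The following is an added example, not part of the original article: the function names and the sample headers are constructed for illustration, and it only compares the From domain with the Reply-To and Return-Path domains.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers for illustration (not a real message).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Your Bank Support" <support@yourbank.example.com>
Reply-To: helpdesk@account-review.example.org
Subject: account needs attention

Please call the number below.
"""


def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def sender_mismatches(raw_message):
    """List the ways the headers disagree with the apparent sender."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    if not from_domain:
        return ["From header has no usable address"]
    findings = []
    # Replies and bounces going to another domain deserve a second look.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header))
        if other and other != from_domain:
            findings.append(
                f"{header} domain {other} differs from From domain {from_domain}")
    # A display name that shows an address on a different domain than the
    # real one is a common way to imitate a familiar sender.
    if "@" in display:
        shown = display.rpartition("@")[2].strip(" >\"'").lower()
        if shown != from_domain:
            findings.append(
                f"display name shows {shown} but address is at {from_domain}")
    return findings


if __name__ == "__main__":
    for finding in sender_mismatches(SAMPLE):
        print("CHECK:", finding)
```

A mismatch is a prompt to verify with the sender directly, not proof of fraud: legitimate bulk mail is often sent through a third-party service with its own Return-Path domain.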
Protecting personal and business information requires more than a single solution. Virus, spam and malware scanning, in addition to firewall site-scanning security applications, are of great benefit, but most importantly, the last line of defense is the user themselves.