SPAM & PHISHING
Cybercriminals have become very savvy in their attempts to lure people in and get you to click on an infected link or to open an infected attachment.
The email they send can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business.
It often urges you to act quickly, because your account has been compromised, your order cannot be fulfilled or another matter.
If you are unsure whether an email request is legitimate, try to verify it with these steps:
- Contact the company directly;
- Contact the company using information provided on an account statement or back of a credit card;
- Search for the company online – but not with information provided in the suspect email;
- We do not recommend accepting phone calls from these folks – hang up and call the company back directly.
Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unsolicited – email.
Here are some ways to reduce spam:
- Enable filters on your email programs: Most ISPs (Internet Service Providers) and email providers offer spam filters. However, depending on the level you set, you may wind up blocking emails you want. It’s a great idea to periodically check your junk folder to ensure the filters are working properly;
- Report spam: Most email clients offer ways to mark an email as spam or report instances of spam. Reporting spam will also help to prevent the messages from being directly delivered to your inbox;
- Own your online presence: Consider hiding your email address from online profiles and social networking sites or only allowing certain people to view your personal information;
- You may be asking, “How do I do this?” If you have any questions on how to set all of this up to work for you – please reach out to Symposit @ firstname.lastname@example.org and request a technician to assist you with how you may help shield yourself from many of the online bandits. There are some links below to help steer you to some of the Spam/Phishing reporting with Social Media sites, as well.
What is Phishing?
Phishing attacks use email or malicious websites (clicking on a link) to collect personal and financial information or infect your machine with malware and viruses.
What is Spear Phishing?
Spear phishing is highly specialized attacks against a specific target or small group of targets to collect information or gain access to systems.
For example, a cybercriminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic and because the recipient is already customer of the business, the email may more easily make it through filters and the recipient maybe more likely to open the email.
The cybercriminal can use even more devious social engineering efforts such as indicating there is an important technical update or new lower pricing to lure people.
Spam & Phishing on Social Networks
Spam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts.
Here are ways to report spam and phishing on social networks:
- Reporting spam and phishing on Facebook
- Reporting spam on Twitter
- Reporting spam and phishing on YouTube
How Do You Avoid Being a Victim?
- Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email;
- Before sending sensitive information over the Internet, check the security of the website;
- Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net);
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group. Report phishing to the Anti-Phishing Working Group (APWG);
- Keep a clean machine. Having a current operating system – not one that has been marked EOL (End of life, like Windows XP), web browsers, anti-virus protection and apps are the best defenses against viruses, malware, and other online threats.
What to Do if You Think You are a Victim?
- Report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity;
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s);
- Watch for any unauthorized charges to your account;
- Consider reporting the attack to your local police department, and file a report with the Federal Trade Commission or the FBI’s Internet Crime Complaint Center.
- We live in a world where Internet threats are increasing and becoming harder to detect;
- Gone are the days that you can simply sit back and hope that your Security Apps perform all the work for you;
- You will need to become more involved with the Security of your system or you can contact a company that specializes in Online Security to help you understand what the risks are and how to mitigate those risks;
- Symposit LLC performs Managed Services for SMB (small-to-medium sized businesses) and we have a great track record helping to identify, eliminate, educate and follow-up with these types of Internet-based threats.
some content reposted from staysafeonline.org