The 360IT Blog

360IT’s print and electronic newsletters, archived here for your convenience

What You Need to Know to Protect Yourself from Spear Phishing Attacks

You’ve heard the warnings. “Don’t open attachments from people you don’t know” and “question emails from unknown senders” are basic rules of internet safety. But what about emails from people within your organization? Would you think twice about a request to download an attachment from a coworker? Would a request for a wire transfer from your CFO raise any red flags? Unfortunately, scammers are now showing up as familiar names in your inbox. Hackers are only getting more advanced with their attacks, and they know more about you than you think.

Phishing, in general, is the act of tricking someone into clicking on something. More specifically, spear phishing is targeting a specific individual based on public information. You would be scared to learn how simple it is for a hacker to “spoof” an email address, meaning to make a message appear to come from any email address they choose. It’s even scarier to think how easily a hacker could pull your name and title from your company website and send an email to your coworker acting as you. We are seeing more and more of these emails get through even the most advanced spam filters simply because they have the appearance of a legitimate internal email. For this reason, it’s extremely important that you question every email, especially ones that involve a request for money or ones that ask you to click on a link.

One way to avoid being a victim of a phishing attack is to never open or download an attachment that you aren’t expecting, regardless of the sender. Microsoft Word files are often used by hackers because they can run macros. Macros are used to create shortcuts within Word, and can also be used to write viruses. If you open an infected Word document, the virus will automatically activate. If someone in your company sends you an attachment, call or send a separate email to verify that it really came from them.

Another way to protect yourself is to not allow mobile apps installed on your cell phone to access your contact data. A good rule to remember is “if an app is free, you are the product.” This is not to say that all free apps are intentionally malicious, but they are more likely to have an insecure network. If you allow such an app to access all your personal information and contacts, you are potentially handing over your information to any hacker that can get into the app maker’s network.

Another safety precaution is to always use BCC (Blind Carbon Copy) when copying multiple contacts on an email. When you use the CC field, every recipient can see all the contacts copied on the email. If you email someone who has a virus or malware, you are sharing your name and your contacts with the hacker. Protect yourself and your identity by keeping your contacts private and using the BCC field.
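
For whoever administers the mail system, the impersonation described above (a coworker's name or an internal address on a message that did not really come from them) can be flagged automatically. The Python below is an added example, not part of the original newsletter; the domain, staff names, sample messages, the reply-to check, and the reliance on an `Authentication-Results` header written by your own mail gateway are all assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"         # assumption: your organization's domain
STAFF_NAMES = {"pat lee", "dana cruz"}  # assumption: names shown on the company website

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_message):
    """Return reasons a message may be impersonating a coworker."""
    msg = message_from_string(raw_message)
    reasons = []
    display_name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_domain = domain_of(msg.get("From"))
    # 1. A coworker's name placed on an address outside the organization.
    if display_name in STAFF_NAMES and from_domain != INTERNAL_DOMAIN:
        reasons.append("staff name on external address")
    # 2. Internal From address that the receiving gateway did not authenticate.
    #    Assumes the gateway writes Authentication-Results and strips inbound copies.
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                              msg.get("Authentication-Results", "").lower()))
    if from_domain == INTERNAL_DOMAIN and results.get("dmarc") != "pass":
        reasons.append("internal sender failed authentication")
    # 3. Replies routed somewhere other than the apparent sender.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        reasons.append("reply-to domain differs from sender")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = ("From: Pat Lee <pat.lee@example.com>\n"
           "Reply-To: pat.lee@example-payments.test\n"
           "Authentication-Results: mx.example.com; spf=fail; dmarc=fail\n"
           "Subject: Urgent wire transfer\n\nPlease send the wire today.\n")
LOOKALIKE = ("From: Pat Lee <ceo.office@mail.test>\n"
             "Authentication-Results: mx.example.com; spf=pass; dmarc=pass\n"
             "Subject: Invoice attached\n\nSee attachment.\n")
GENUINE = ("From: Pat Lee <pat.lee@example.com>\n"
           "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
           "Subject: Lunch\n\nNoon?\n")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("genuine", GENUINE)]:
        print(name, spoof_indicators(raw))
```

A message that raises none of these flags can still be fraudulent, so the advice above to verify requests by phone or a separate email still applies.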