In the midst of the holidays, we wanted to wish you a happy – and safe – holiday season. Unfortunately, this season brings with it a significant increase in cybercriminal activity. We hope that you will remain vigilant.
To aid you in this, we refer you to the following information from the Northern District of Texas, United States District Court, via Debbie Kreigshauser, FAPR, RMR, CRR, CLVS, CRC, a member of NCRA’s Technology Committee. The court informed its staff: “As in prior years, phishing attacks remain the most prevalent form of cybercrime. In fact, phishing attacks are the most common delivery mechanism for malware and, according to the FBI Internet Crime Complaint Center (IC3) Internet Crime Report, the costliest to organizations.”
Here are a few of their suggestions:
· Never click on ads or email links for deals that are too good to be true.
· Purchase from online retailers by navigating to their site directly using your web browser, not through links in email messages.
· If you are shopping with a mobile device, use the official mobile app for the company.
· Only shop from popular retailers that you know and trust.
· Only shop online while you are on a secure Wi-Fi network (no public Wi-Fi networks) and only shop on websites that have “https” in the website URL. It is never safe to submit payment information or login credentials on non-secure websites or public Wi-Fi networks.
Charity or Donation Requests
· Never give your credit card information over the phone to anyone who calls you unexpectedly.
· If you receive an email from a charity or non-profit requesting donations, review the links, the sender address, and other email components to ensure the email is legitimate. Additionally, follow up with a phone call to confirm the organization’s legitimacy.
· When donating, use your web browser to go directly to the charity or non-profit’s official website. Most have methods to donate securely through their site.
Delivery or Shipment Notifications
· Look closely at delivery and shipment notifications to make sure they are legitimate.
· If you shop online, go directly to the store websites to track your orders and shipments rather than clicking email links.
Counterfeit Receipts or Financial Statements
· If you receive an email receipt from a company, even one you buy from regularly, look at it closely before clicking links or opening attachments. If you do not recognize the purchase, do not click anything.
· Remember that many phishing emails attempt to shock you into clicking without thinking. So, if you see an email receipt with a very expensive total or receive a late payment email message from a financial institution, call the institution to confirm the email’s legitimacy.
Below are some email security best practices to help prevent you from becoming a victim of a phishing attack.
Message Sender Verification
If you receive an email asking you to click a link, enter credentials, send money, etc., verify that the message came from the alleged sender. For example, if the email purportedly comes from a financial institution that you interact with and believe the message could be legitimate, call the institution and verify that the email originated from them.
Before clicking a link in an email message, hover over the link to verify that the destination URL corresponds to the link location described in the message text. An even better approach is not clicking the link and navigating to the sender’s site directly in your browser.
Never open an attachment that you are not expecting. Even if you recognize the sender, call them to verify that they sent the attachment.
Never Enter Credentials
Many phishing schemes attempt to trick recipients into clicking a message link that directs them to an attacker-controlled counterfeit webpage that usually mimics a legitimate financial institution’s login page. The attacker hopes that the recipient unknowingly enters their credentials believing that the site is their financial institution’s site. Again, as mentioned above, do not click the link; use your browser to access the website directly.