Do I Need My Boat To Go Phishing?
Thursday, June 4, 2009 1:02
Scams abound in today’s society, but the scams of today are not that different from those of the past. The only difference is the method of delivery and the number of people that can be reached at one time. Today’s technology now allows large numbers of people to be reached all at once through “phishing,” one of the most popular scams. Phishing is a form of e-mail fraud in which the scam artist tries to obtain personal and financial information from someone. It generates millions of dollars even when only a low percentage of people respond to the phishing e-mails.
How does a typical phishing scam work? It starts with the scammer sending you an e-mail that appears to have come from a bank, government agency, or other reputable company. Some examples are your mortgage company, a bank, the IRS, PayPal, eBay, or other types of businesses that people set up online accounts with. The e-mail usually has some urgent message in it that requires you to respond: to stop an account from being closed, to reopen a closed account, to stop a government agency from taking some action, or to allow them to take action such as sending your tax refund check. There is no limit to the type of messages that may be contained in these phishing e-mails. The e-mail usually contains a link for you to click on so you can correct the situation. The link will take you to a fake or forged website that appears to be the site of the company or government agency that supposedly sent the e-mail. In reality, the website belongs to the scam artist. Once at the fake site, you are asked to enter some personal or financial information to correct the situation. When you submit the information, the scam artist can then use it either to steal your identity or to gain access to your account(s).
These types of scams can be done in conjunction with other fraud methods. Instead of a link, the e-mail could contain a phone number to call, where personal information is then requested. The phone number is usually fake, as was described in the VOIP Phishing scam article that I wrote a couple of days ago. VOIP Phishing is very similar to a regular phishing scam, but the technology involved is different. Read the previous article for additional details.
Now that you know a little about the scam and how it works, what can be done to protect yourself and your business? This list will provide some basic measures that you can implement to protect yourself from these types of fraud.
- Don’t use the links embedded in the e-mail.
- Ignore these types of e-mails. If you are concerned that an account may have an issue, pick up the phone, call the regular customer service number, and talk to a real live person. Just double check to make sure you are calling a correct number.
- Do not give out personal or financial information. The company already has your information to authenticate who you are. They would not need your social security number, account password or other similar types of information.
- If you do click on the link, make sure it has the lock in the lower right hand side of your browser. The lock indicates that SSL encryption is being used to protect any information you may be entering. The web address will also begin with HTTPS, indicating SSL encryption, instead of just HTTP.
- Also, to verify that you are at the real website, double click on the lock icon in the lower right hand corner of your browser and it will open up showing the website’s security certificate. If the name on the certificate is different from the website address, then it is most likely a fake site. Time to run and get away from the site.
- Another neat method to protect yourself and to make sure you are on a legitimate site is to enter a fake username and password. A real site will state that you have entered a wrong username or password, but a fake site will accept it. Once the wrong name and password have been entered, you will usually be redirected to a page that states some type of technical problem. This happens because, on a fake site, there is usually nothing to the website beyond the home page, and the whole purpose of the site is to collect your information.
- Always use different passwords for different sites. When you use the same password on all or most of your accounts, the scam artist is more likely to be successful in gaining access to your other accounts.
- Follow the old saying: if it sounds too good to be true, it usually is. Do not be taken in by phishing e-mails that promise money for filling out surveys. The surveys usually ask a lot of questions that seem harmless, but within the survey, there are usually a couple of questions that ask for personal information that the scam artist can use.
- Always log out of your account once you are finished. Do not just close the browser. This is especially important when using a shared or public-use computer.
- Use anti-phishing browser extensions which will give you a visual indicator of whether the website may be a phishing or fake website. Google’s or Netcraft’s are examples. In addition, browsers such as Firefox have built-in phishing protection. Look under the security preferences of the browser to see what is available and turned on by default.
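The certificate check from the list above (does the name on the certificate match the website address?) can be written out as code. This is an added example, not part of the original article; the certificate dictionary mirrors the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the `examplebank.test` names and helper function names are constructed for illustration.

```python
from urllib.parse import urlsplit


def cert_names(cert):
    """Collect DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # older certificates may carry only a subject commonName
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return [n.lower().rstrip(".") for n in names]


def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard standing in for one leftmost label."""
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse overly broad wildcards such as '*.test'.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def certificate_covers_url(cert, url):
    """True when the certificate names the host shown in the address bar."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return False  # plain HTTP presents no certificate to compare against
    return any(name_matches(n, host) for n in cert_names(cert))


# Constructed sample certificate for a hypothetical bank.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.examplebank.test"),),),
    "subjectAltName": (
        ("DNS", "www.examplebank.test"),
        ("DNS", "*.secure.examplebank.test"),
    ),
}

if __name__ == "__main__":
    for url in (
        "https://www.examplebank.test/login",
        "https://www.examplebank.test.account-verify.test/login",
    ):
        print(url, "->", certificate_covers_url(SAMPLE_CERT, url))
```

The second address begins with the bank's name but its real host is a different domain, so the certificate name does not match it.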
These are just a few of the ways that you can protect yourself and your business. Stay informed by subscribing to this website and make sure you implement some of the methods noted in this article.
