In the past few months, All Mountain Technologies has seen a surge in email phishing attempts. Phishing is the fraudulent practice of sending emails claiming to be from trustworthy companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Cities are not the only targets and our Valley is certainly not immune to phishing attacks. Industries like healthcare and hospitality are especially good targets because of their databases of sensitive data. Educating your staff on what to look for when receiving a suspicious email is the #1 way to prevent an attack. We’ve put together tips on what to look for and how to verify an email’s legitimacy.
Check the Sender Domain
Cyber-criminals often spoof the display name of an email to imitate a reputable site. You may see your bank’s name or Microsoft in the domain. Don’t trust the display name unless you recognize it. That means the entirety of the domain. Below, “My Bank” does not typically send emails from “secure.com”. Contact your bank to confirm legitimacy. Also check for spelling errors in the domain. If it appears different than usual in any way, don’t open the email.
Think Before You Click
When you are on a trusted site it is fine to click on links. Clicking on links that appear in random emails is not recommended. Hover over links that you are unsure of before clicking on them. Make sure the link leads to where it is supposed to. Phishing emails are designed to look like they are coming from a trusted company. Taking it a step further, cyber-criminals create websites to look real. You may land on a site that is set up to look legitimate, but it is an imitation website to gather your data.
Beware of “Dear Customer”
Phisherman and spoofers are highly skilled when writing emails. They try to get as intimate as possible and may start an email with “Dear Customer” or call you by name “Dear Allie”. When in doubt, go directly to the source rather than clicking a potentially dangerous link.
Verify a Site’s Security
Whether you’re buying concert tickets or making an online deposit, check that you are on a secure website. Check the site’s URL for “https” and there should be a closed lock icon near the address bar.
Also check for a site’s security certificate. If you get a message warning a website may contain malicious files, do not open the website. Never download files from suspicious emails or websites.
Change Your Password Frequently
This is a simple way to increase security. We recommend you change your password(s) every 90 days. If your passwords were not changed on a regular basis, your familiarity with your password would eventually lead to its compromise. Once another person has acquired your password, they can use your computer account.
Never Give Out Personal Information
You should never share personal or financial information over the internet. This general rule has been in place since the beginning of the Internet due to the success of early phishing scams. Do not send credit card info, a social security number, or any other sensitive data to ANYONE (even a trusted friend or coworker) through ANY platform (email, Facebook messenger, etc.). When in doubt, call and give the information over the phone instead.
When partnering with All Mountain Technologies as your technology solution, you have full access to cybersecurity training including end-user awareness training. If you have any questions, comments, or would like additional information on our services, contact Allie Yazel, Marketing Coordinator at firstname.lastname@example.org.