By Shawn Nelson, Director, Information Security,
Glatfelter Insurance Group
Picture this: A person is sitting comfortably on the couch when the doorbell rings. Looking through the peephole, they see a tall man standing there. They ask, “Who’s there?” The individual responds, “I am with the cable TV repair service, I need to take a look at your TV.” Should they let him in and trust that he is really from the cable company? In today’s world, most would be suspicious and want to see some type of identification or even contact the cable company.
Emails, texting, smart phone apps and the Internet have become critical components of daily life. They are primary communication methods in business and personal lives. Email facilitates the fast and busy lifestyle, but how secure is it? Is the sender’s name on the email really who sent it?
The term phishing was coined by hackers in the 1990s in reference to their process of using email to trick recipients into giving up their passwords or financial data. Times have changed, and phishing attempts have become widespread and extremely sophisticated. Some of the emails attempt to obtain financial or personal information, but others are much more mischievous. They are simple mechanisms used to gain access to an individual’s computer and bypass a company’s perimeter defenses. The attachment or link may infect your machine with malicious software called malware. Malware can be used to provide remote access to your system, steal information or even encrypt (make unreadable) the files on your computer and hold them for ransom.
This article will focus on some basic techniques that
can be utilized to determine if an email is legitimate
and the attached files or website links in the email
are safe to open. These simple steps may help you
avoid being the next victim.
Not all phishing emails can be easily identified, but there are
some basic attributes that can be used to raise the suspicion
level of an email. If any of the statements below are true, delete
the email or use extra caution before opening:
- Sender of the email is not recognized.
- Asking for personal or financial information.
- Wants a response immediately or makes an urgent request.
- Includes upsetting or exciting statements, which are usually
false, that want the recipient to act quickly.
- Wants the recipient to open an attachment or click on a
website link that was unexpected. This could be to view an
article or video pertaining to any number of intriguing
topics such as current social events, news tragedies or
One of the easiest ways to avoid
falling victim is to delete any emails
that you identify as suspicious. What
can be done if the email looks legitimate
or is from a valid sender? Start
by following the safety tips listed
- Never send financial or personal information (account numbers,
social security numbers, credit card numbers, IDs and passwords,
tax identifier numbers, etc.) via email unless using a form of
email encryption. This is a special type of email that scrambles
the information so only the recipient can read it.
- Verify that website links embedded in emails are going to
the correct website. Do this by placing the cursor over the
link (do not click on the link). Hovering over the link will
show the real website in a pop-up window or, if using a web
browser, it will be in the lower left-hand corner.
- Contact the sender to verify that the email was legitimately
- Instead of clicking on the email link, manually type in the
valid URL of the website in the web browser.
- Consider using separate email
accounts. One for business, one for
financial institutions, one for friends
and family and one for subscriptions
- Run firewall and anti-virus/anti-malware
detection programs on the
system. These are subscription-based
services and it is important to keep
them up to date.
- Use different and complex passwords
for each account that utilizes email
- Never reply to a suspicious email, as
this will validate the email address as
Identifying and dealing with phishing attempts has become a
basic necessity of everyday life. Catchy titles such as “Save 75%,”
“Your account is past due,” “New unseen footage,” “A child predator
has moved into your neighborhood” or “A new LinkedIn request
has arrived” make a connection with the curiosity in many. It’s
important to remember to be vigilant in staying protected.