I was gonna write something Goddessy this evening, but the memo below came to my desk computer this afternoon, and I thought it was important to share its message with you. I know this is a longer message, but for once the writing’s worth it. We all “know” about pfishers out there — kinda like the spammies I talked about the other day — but it never hurts to remind everyone. Share this info with friends, family, grannies (like me!) and kids.
A friendly reminder to always exercise caution to when opening emails.
There has been a recent increase of users at XXXX that have become victims of Phishing scams. Emails may look legitimate, they may look like they are from someone you know or work with but they truly aren’t. The emails may contain links that are able to steal data (like your password; credit card information; etc.) without your knowing it. Sometimes this is a result of a hacked email account, the individuals NAME might be used by cyber criminals to send emails that look like they are from someone you know. When in doubt contact the IT Department OR contact the sender via a new email or phone call to see if the email is legitimate.
Please take the time to read the information below to get a better understanding of the situation.
What is Phishing?
Phishing (pronounced “fishing”) is a kind of identity theft that is growing in popularity amongst hackers. By using fraudulent websites and false emails, perpetrators attempt to steal your personal data – most commonly passwords and credit card information. Criminals gain this information by sending you links to sites that look like sites you trust, such as your online banking provider or social networks, and are able to steal your data as you enter it. Some of the sites spoofed most regularly include PayPal, eBay, Yahoo! and MSN, as well as financial institutions — so don’t think that an email is guaranteed to be safe when it’s not from a bank.
How to protect yourself against phishing
- Be wary of emails asking for confidential information — especially information of a financial nature. Legitimate organizations will never request sensitive information via email, and most banks will tell you that they won’t ask for your information unless you’re the one contacting them.
- Don’t get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly to confirm the authenticity of their request.
- Most of the spam you receive on a daily basis — as well as potentially dangerous phishing emails — is coming to you because a site you have signed up to has sold your email address to another company. If you’re not ok with this happening, it might be worth reconsidering whether you want to sign up to the site.
- Watch out for generic-looking requests for information. Fraudulent emails are often not personalized, while authentic emails from your bank often reference an account you have with them. Many phishing emails begin with “Dear Sir/Madam”, and some come from a bank with which you don’t even have an account.
- Never submit confidential information via forms embedded within email messages. Senders are often able to track all information entered.
- Never use links in an email to connect to a website unless you are absolutely sure they are authentic. Instead, open a new browser window and type the URL directly into the address bar. Often a phishing website will look identical to the original – look at the address bar to make sure that this is the case.
And….from Federal Trade Commission: http://www.consumer.ftc.gov/articles/0003-phishing:
Report Phishing Emails
Forward phishing emails to firstname.lastname@example.org — and to the company, bank, or organization impersonated in the email. Your report is most effective when you include the full email header, but most email programs hide this information. To find out how to include it, type the name of your email service with “full email header” into your favorite search engine.
You also can report phishing email to email@example.com. The Anti-Phishing Working Group — which includes ISPs, security vendors, financial institutions and law enforcement agencies — uses these reports to fight phishing.
If you might have been tricked by a phishing email:
- File a report with the Federal Trade Commission at www.ftc.gov/complaint.
- Visit the FTC’s Identity Theft website. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.