Beware of the Recurring Phishing Season
Forest fires, pandemics, subsidy programs, election years and stock market fluctuations all have something in common: they each provide cybercriminals with new opportunities to defraud both businesses and individuals through phishing scams.
In most cases, cybercriminals design their phishing emails to prey on individuals in need or on the generosity of potential donors who want to help. A common tactic is to craft emails that appear to come from a legitimate government agency or support organization, with links to carefully crafted websites that prompt the potential victim for more information. Their hope is that you will react emotionally and click the offered link. However, following such links can lead the victim to:
- Inadvertently disclose personal information
- Unwittingly share user credentials that could be used in further attacks
- Download malware that could be leveraged to infiltrate the victim’s system
- Install ransomware that could encrypt or destroy the victim’s data files
Regardless of the outcome, these all result in exposures ranging from moderate to extreme.
In order to avoid these risks, there are a few simple steps that can be followed:
- Is it too good to be true? Significant help or relief is rarely provided unsolicited. If the email was unexpected, be very skeptical. Check the email address very carefully. Depending on the features of your email client, view the properties of the sender's email address and check whether it is legitimate.
- Is it really them? Go to their web site. If the offer or opportunity is legitimate, it should be featured on their web site. If it’s an organization or company with which you have an existing relationship, consider calling their known, valid phone number to make inquiries.
- Beware of disclosing too many details. Legitimate assistance programs would never ask for certain personal data such as user IDs, passwords, account numbers or social security numbers.
- Don’t be afraid to ask for help. If the unsolicited contact was received at work, consider contacting your Help Desk or Service Desk to ask for their assistance. Your company might have even provided you with a Phishing Alert button in your email software. Your employer would much rather help you confirm that an email is legitimate than deal with the fallout from a successful phishing attempt.
Unfortunately, even if you remain vigilant and consider the above, it’s still possible to fall victim to such phishing activities. In the event you suspect you’ve been the victim of a scam, you should immediately:
- Notify your company’s Help Desk
- Change your related passwords
- If applicable, contact the actual organization and notify them
- Notify your credit card company or bank of any affected accounts
- Check and monitor your credit report; if possible, freeze your credit
If you have any questions on how to handle phishing scams, please reach out to Patrick Morin or your BNN advisor at 800.244.7444.
Disclaimer of Liability: This publication is intended to provide general information to our clients and friends. It does not constitute accounting, tax, investment, or legal advice; nor is it intended to convey a thorough treatment of the subject matter.