Grundig IT Newsletter
Computing News That You Can Use – December 2020
Quote of the Month: “By failing to prepare, you are preparing to fail.”
– Benjamin Franklin
With the dangers of COVID-19 still lingering about the world, multitudes of users are spending more and more time online. Similarly, more and more illicit businessmen – you know, criminals? – are pushing their work online even harder. More than ever, a wealth of data exists on your network that cybercriminals want to get their hooks into and use to their financial gain, possibly extorting you or your company with a ransomware attack that originates from an email.
Grundig IT has talked about phishing scams before, and so have many other sources: the FTC, other IT companies, and vendors. In fact, phishing scams are still very prevalent, and will likely never go away as a significant threat of the online world. The greatest advantage these scammers have is that they don’t need to actually succeed most of the time – they have scripts and programs which produce the work en masse. They only need to succeed a few times to make it worthwhile.
A lot of people think they’re safe – “Oh, I’m aware of phishing scams, and I’m an intelligent person, so I won’t fall for this.” And they’re probably right: they’re intelligent and they won’t fall for it by being foolish. But phishing isn’t about preying on people’s intelligence, it’s about preying on people’s fears, comforts, and carelessness. We’re not really worried about free money emails, or helping the displaced Prince of Nigeria, or other traditional scams. Those are designed to target greed and foolishness.
Effective modern phishing scams involve comfort and familiarity. These emails use the correct images, the correct website names, the correct spelling. They’re copied directly from a legitimate source – usually from a website or prior company email. Really good phishing scams use expected, comfortable ‘problems’ to get you to handle something with a mild sense of urgency:
- An email from your bank warns you that there was a problem with your password being leaked and asks you to log in to change it. Oh, you’ve heard there’s a lot of hacking lately, it seems reasonable.
- An email from your phone/streaming service informing you that your payment bounced and you need to enter a new one to continue payment, or they’ll discontinue service at the end of the week. Ah! Your payment was probably a few days ago, not that anyone remembers the exact renewal date.
- A message from the financial department about an invoice they need information on, to complete an important transaction.
These are the phishing attacks that are most successful. Let’s talk about a few easy steps to avoid these sorts of things.
The first, and possibly the greatest thing you can do is to never click that link. Yes, it seems like a silly thing to say, an obvious thing to say. “Don’t click on the link from the fake email.” Instead, try this, “Also beware of clicking links from emails that appear legitimate.”
If you get an email from your bank, go to your bank website (you probably already have a bookmark for it) and deal with it there, if the problem actually exists. If you get an email from T-Mobile, go to the T-Mobile site directly. A lot of services – especially banks – have mobile apps that have the same functionality as the website, and you can do all your business there. Those links in the email are a dangerous hook for phishers, and hidden scripts can be lurking in the hyperlinks. Don’t risk it.
More and more commonly, people are getting emails that are apparently from someone at their own company. These are the ones that are better researched, and more dangerous. In the modern world, it’s very easy to learn the names of the heads of departments in many companies (Hello, LinkedIn, Facebook, Google search). If you happen to know who the email came from, it’s a very easy thing to send them a text or give them a call to make sure they’re the one who sent the email. Nobody will be annoyed with you taking a few minutes to protect the company assets, especially if they or someone they know has been targeted before.
The conclusion: Know who’s in charge of data protection in your company, have your important websites already bookmarked for when you need to update your accounts, and always be aware of the dangers of email links and downloads.
If you come across a strange-looking email and want someone else to look at it, send it to us for review.
Much more information about phishing scams and how to avoid them can be found here – How to Recognize and Avoid Phishing Scams. Don’t worry, this link goes to the FTC website’s information on phishing and is OK to click. We have tested it.
Regards and happy computing!
Tom Grundig – 925.528.9081
Quick note! – The November 2020 Newsletter left out some important information that we had intended to include – The full version can be viewed on the Grundig IT website.