Through 2018, the increase in business transactions over the web drove aggressive growth in fraudulent transactions. Phishing accounted for 48% of all cyber attacks observed by RSA Security, and financial malware accounted for one out of every four fraud attacks.
Phishing is a social engineering scam designed to convince you to give away the security keys protecting your most vital information. Phishing is most commonly initiated by an email but may also include text messages, copycat websites and robot or human phone calls. These attacks create the illusion of another institution in order to confuse you into entering a vital piece of information required for identity theft or network intrusion. Social Security numbers, passwords and bank account numbers are all common targets, but attacks continue to grow in complexity.
The growing trend is targeted attacks where smaller pieces of information are gathered to make realistic impersonations. Your boss’s name can appear on an impersonating social media account asking for a company account number. Fake software technicians are requesting remote access to update Windows and installing malicious software. Spoofed electric and water utility services are sending requests, by text and email, for updated payment methods.
Rules to Avoid Phishing
- Never allow remote access to your devices except by verified technicians. ICT Help Desk, [email protected], (888) 472-8725
- Contact the Company directly. If any changes need to be made to your account, find the email address or phone number on a previous bill for which you have confirmed the payment cleared.
- Check Your Online Accounts Regularly. Get in the habit of visiting your sites and changing your passwords regularly. Consider learning how to use a password manager to store unique, complex passwords. We’ll have a newsletter on some ideas for that later.
- Keep your software and hardware Up to Date. Vulnerabilities are often discovered in software and patched over time. Failing to stay up to date can leave well-publicized security gaps in your software systems, particularly web browsers. Older hardware that cannot be updated needs to be retired.
- Limit Personal Information on the Internet. Never send personal information by email. Only use websites whose address you can verify in the address bar as accurately spelled and as having an “s” for secure: “https”, not “http”. Example: https://www.amazon.com, not https://www.amzon.com
- Turn on two-factor authentication. For accounts that support it, this requires an email, cell phone or smart device to access an app token after entering the password. You can often make this a once-per-device operation by checking a “Save Device” box to register that hardware address.
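The address-bar check in the “Limit Personal Information” rule can also be done by a script. The Python below is an added example, not code from Infinite Computing Technologies: it flags a site name that is a near-miss of a trusted one, such as amzon.com for amazon.com, and a trusted site opened without https. The trusted list, the function names and the two-edit threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example; a real one lists the sites your office uses.
TRUSTED = {"amazon.com", "paypal.com"}

def edit_distance(a: str, b: str) -> int:
    """Count the inserts, deletes, substitutions and adjacent swaps turning a into b."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            rows[i][j] = min(rows[i - 1][j] + 1,         # delete
                             rows[i][j - 1] + 1,         # insert
                             rows[i - 1][j - 1] + cost)  # substitute
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swap
    return rows[len(a)][len(b)]

def check_url(url: str, trusted=TRUSTED, max_distance: int = 2) -> str:
    """Return 'ok', 'not-https', 'lookalike of <site>', 'unknown' or 'invalid'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased, no user:pass@
    if not host:
        return "invalid"
    # Simplification: the last two labels stand in for the site name
    # (no public-suffix list, so names like example.co.uk are not handled).
    site = ".".join(host.split(".")[-2:])
    if site in trusted:
        return "ok" if parts.scheme == "https" else "not-https"
    # https alone proves nothing here: a misspelled site can have it too.
    for good in sorted(trusted):
        if edit_distance(site, good) <= max_distance:
            return f"lookalike of {good}"
    return "unknown"

if __name__ == "__main__":
    for sample in ("https://www.amazon.com", "http://www.amazon.com",
                   "https://www.amzon.com", "https://amazon.com.login.example"):
        print(sample, "->", check_url(sample))
```

A result of “unknown” only means the name is not close to anything on the list, so the rule of contacting the company directly still applies.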
Things Infinite Computing Technologies delivers to solve Phishing
- Firewall – Our IP address filtering system contains thousands of known scam sites and prevents your network from ever communicating with them.
- Anti-Virus – Database pattern matching prevents common attacks and advanced file behavior monitoring stops viruses before they modify system files.
- Help Desk – Call support if you have any doubts and they will make a clear identification.
- Backup – When all else fails, ICT managed service programs include local and online backup.
Make sure your entire office staff has read the Rules to Avoid Phishing. Report phishing emails and texts. Please forward them to [email protected]. You can also report phishing email to [email protected]. The Anti-Phishing Working Group – which includes ISPs, security vendors, financial institutions and law enforcement agencies – uses these reports to fight phishing.
Staying HIPAA compliant is an evolving task, defined by the ever-changing threats to technology. Next month, ICT will present a checkup on technology security procedures.