Technology Advisor Blog

Beware of Phishing attempt to "Authenticate your Account"

Posted by Ann Westerheim on 7/25/17 9:12 AM

Phishing.jpgStay alert when reading through your email.  Our Cybersecurity advice focuses on "layers" of security, and even with all the technology in place to protect you, the "bad actors" will always resort to new tricks.  End user education and vigilance are key.

We've been alerted about a new phishing wave making the rounds.

These emails state that the email address has been flagged for suspicious activity and the user is required to click a link to authenticate the account. 

Please note that these emails are NOT legitimate emails sent by the hosting platform. If you notice emails that contain suspicious links or attachments, please avoid clicking on any links, and please remind all users in your organization to stay alert.

A few additional reminders include:

  • Never share personal information via email
  • Visit websites directly from browsers and bookmarks - not email
  • Double-check attachments before you click or download them
  • Watch for misspellings and strange greetings (Hello Madam!)
  • Be suspicious of emails that evoke a sense of urgency and ask for your immediate action
  • When it comes to wire transfers, be extra vigilant.  Confirm with a face to face or phone conversation.
  • When in doubt - DO NOTHING!

Think before you click!

 

Tags: email security, phishing, cybersecurity

Beware! Flight Information Phishing Emails

Posted by Ann Westerheim on 12/8/11 8:21 AM

Beware of Internet ThievesThis is the time of year when many people travel.  We have received a lot of questions recently about the latest email security threat:  a new wave of "phishing" emails that are based on flight information notifications. 

The emails vary, but as an example, one of the emails we looked at had a subject of "Your Flight Order" and some official looking numbers, with the content of the email containing the flight number, date and time of departure, airport name, price, and then a link to print the ticket.  This link looks innocuous, but it actually goes to a foreign web site set up to steal information from you, or infect your system with malware. 

What a lot of people may not know is that a link in an email can say anything, and be coded to go to an entirely different location.  The "bad guys" are basically trying to get you to click on the link.  You may have travel plans and quickly click on the link because you think it's your real ticket, or you may be curious because you think your credit card may have been breached ("who bought this ticket and why am I getting the notification?").  With "social engineering" the emails look familiar, so people unknowingly click on the links.  Other recent phishing scams involved package shipment notifications and ACH bank transfer notifications.  Because the actual text of the email is innocuous, these scams will often get through spam filters when the new wave first appears, until the spam filter definitions catch up.

Delta airlines has a link on their web site alerting folks about the phishing email alert if you want to read more.  The US Computer Emergency Readiness Team (CERT) has a posting on their website of a number of holiday phishing and malware threats.  The Federal Trade Commission's Phishing Scam Page also has a lot of excellent information about how to protect yourself form on-line threats.

ALWAYS be aware when reading your mail.  Don't click on any links in emails that are questionable. 

Tags: phishing, email security

Computer Security - Phishing scams that impersonate the IRS

Posted by Ann Westerheim on 12/9/10 9:08 AM

Many of our clients have expressed concern after receiving intimidating emails they thought were from the IRS.  Phishing scams seem to come in waves, and the most recent wave we're seeing involves fake messages such as "your federal tax payment has been rejected".  If you look closely at the message, the emails are typically from a random address with a name that doesn't even match the email address. Identity theft is the typical goal of these messages as they try to entice you to go to a web site to enter personal and financial information.

The IRS website explains their policy on email and has a lot of information regarding a wide variety of scams such as fake refund information.  "Generally, the IRS does not send unsolicited e-mails to taxpayers. Further, the IRS does not discuss tax account information with taxpayers via e-mail or use e-mail to solicit sensitive financial and personal information from taxpayers. The IRS does not request financial account security information, such as PIN numbers, from taxpayers."

Rest assured that you are not being personally targeted even though it feels like it because the message winds up in your inbox.  Anyone with an email (phone or fax) can randomly become a target.  The message looks intimidating, but its just a fake.  The messages are specifically designed to get through spam filters because the sender addresses are random (spoofed), and the content contains official sounding language that wouldn't normally be flagged.

What should you do if you get an email like this?  Report the sender by forwarding the suspicious e-mail or url address to the IRS mailbox phishing@irs.gov, then delete the e-mail from your inbox.

Tags: computer security, phishing, IRS scam

Subscribe by Email

Most Popular Posts

Browse by Tag

See all tags...

Connect With Us

Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.