Most people are pretty sure they’re savvy when it comes to phishing scams… but they often still fall for them, or at the very least are targeted very specifically.
Here are several very important reminders for everyone – even when you think it’s harmless, it can be used against you! I posted this earlier today on my Facebook wall, and I encourage you to share this as much as you can. It’s too easy to forget!
This is a must share reminder.
Many people don’t realize that Social Media is a way for attackers to gain knowledge they use to “spear phish” you. Two thirds of all info security breaches start with social engineering. Social engineering is “(in the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.” Here are some tips to remember when using ANY social media:
– Do NOT post information that you would not be comfortable sharing with a stranger or seeing in the newspaper.
– Be careful about sharing too much information about yourself. An attacker could leverage anything that you share. This especially applies to those “share this” and 20-question type posts that are like chains – “What was your first car?” “What is your favorite vacation?” “Where did you grow up?” “What school did you attend?” All of these are typically security questions on some banking and other sites. If you start sharing this information with the world, it becomes a major security risk. Unless you’re giving joke answers, don’t post legitimate information.
– Be careful about who you accept as a friend on social media!! If you DON’T know the person, check out their profile. (Hint: if they’re “widowed” and have pictures in an army type suit or a “father / daughter” type picture, these are usually fake profiles.) If they have no pictures or their account has no posts except something in the past week or so, it’s also likely fake. Hit the DENY and REPORT SPAM buttons.
– If a family member or friend suddenly asks you to friend them (and you’re already friends)… contact the ORIGINAL person privately, OUTSIDE of social media, to ask whether they did in fact create a new account. In most instances the answer is NO, and someone has replicated all of their information, stolen their pictures, etc. to try to scam you into thinking it’s a legitimate family member or friend. Report the scam profile.
– Don’t make your entire social media profile publicly accessible. Check your security!
Remember, when you receive an email, even if you know the sender (but especially if not), be suspicious of links, attachments and poor grammar. If they say “check this out” and it contains a weird link – DON’T fall for it.
– Always hover over links to make sure that they go where the text says they will. While the text of the link may look legitimate, the actual URL for the link may not. If unsure, move the email to your junk folder (particularly in Outlook) and you can see what the original link is.
– Your bank will NOT send you emails asking you to verify your account, or about sudden investigations, etc. – unless you’ve literally JUST opened an account (within a few minutes) AND are EXPECTING that email.
– Only open attachments from someone who is a trusted sender, and you know you were expecting it. (If unsure, message them to ask).
– If you have Outlook or some other “mail preview” option – consider turning it off. Yes, it’s one more step to view the email, but it helps ensure viruses can’t be triggered on open. (NOTE: this is another reason to send a suspicious email to your junk folder – which prevents attachments from triggering.)
– Poor or incorrect grammar, spelling mistakes, unusual urgency, or messaging that is uncharacteristic of the sender are signs the email is probably a phishing scam.
Please share or copy/paste to your timeline. It’s important that everyone is reminded – no matter how safe we all think we are, many forget these things and post far too much information publicly.