Last week the FBI issued a release warning people about spam containing malware and phishing scams that may come in the form of an e-mail or holiday e-card.
Cyber criminals are extremely good at sending e-mail that looks like it comes from a reputable source like a credit card company or a bank. The goal of a phishing attack is to get personal information from the victim. According to the release, cyber criminals send links in e-mail that look valid. When clicked, the link takes you to a legitimate site and then pops up a window over the site that captures your personal information.
Many users are not up to date on the latest techniques criminals use to steal data and fall victim to phishing scams every year. IT professionals need to be diligent and educate their users about potential problems. The following are some suggestions on how to educate your users:
- Create a monthly security newsletter to inform users of scams as they develop.
- Educate new employees at their orientation training about proper Internet behavior and how to protect themselves and your organization.
- Send e-mail alerts as scams are detected.
- Hold brown bag lunches on various security topics.
- InfraGard is a public-private partnership between the FBI, the security industry, and academia that works to educate public and private corporations about security risks. Invite them to visit your company. They will be more than glad to put together a presentation and talk to your users.
Other scams that cyber criminals use involve sending surveys. After the victim completes the online survey, it asks for account information so that money can be deposited into the victim's bank account for completing the survey.
Here are some tips the FBI recommends to avoid becoming a victim of cyber fraud:
- Do not respond to unsolicited (spam) e-mail.
- Do not click on links contained within an unsolicited e-mail.
- Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
- Avoid filling out forms in e-mail messages that ask for personal information.
- Always compare the link in the e-mail to the link that you are actually directed to.
- Log on to the official Web site, instead of "linking" to it from an unsolicited e-mail.
- Contact the actual business that supposedly sent the e-mail to verify if the e-mail is genuine.

If you are a victim of cyber fraud, the FBI recommends that you contact the Internet Crime Complaint Center at www.ic3.gov
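
IT staff can automate the tip about comparing the link shown in an e-mail with the link you are actually directed to. The Python below is an added example, not part of the FBI release: it flags anchors in an HTML message body whose visible text names one host while the `href` points to another. The function names and the sample message (built on reserved `.test` and `.example` names) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(value):
    """Host part of a URL or bare host name; None if the text is not URL-like."""
    value = value.strip()
    if not value or any(c.isspace() for c in value):
        return None                      # "Click here" style text has no host to compare
    if "://" not in value:
        value = "//" + value             # let urlsplit treat "www.site.test/x" as a host
    try:
        host = urlsplit(value).hostname  # drops any "user@" prefix and the port
    except ValueError:
        return None
    return host.rstrip(".") if host and "." in host else None

def same_site(a, b):
    # Simplification: equal hosts, or one is a subdomain of the other.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = host_of("".join(self.text))
            is_web = self.href.lower().startswith(("http://", "https://"))
            target = host_of(self.href) if is_web else None
            if shown and target and not same_site(shown, target):
                self.findings.append((shown, target))
            self.href = None

def mismatched_links(html_body):
    """Return (host shown to the reader, host actually linked) for each mismatch."""
    audit = LinkAudit()
    audit.feed(html_body)
    audit.close()
    return audit.findings

# Constructed sample message body.
SAMPLE = """<p>Your holiday e-card is waiting.</p>
<a href="http://cards.examplebank.test.login-check.example/view">www.examplebank.test/ecard</a>
<a href="https://www.examplebank.test/help">examplebank.test</a>
<a href="https://www.examplebank.test/">Click here</a>"""
```

Calling `mismatched_links(SAMPLE)` reports only the first link; the second resolves to the same site as its text, and the third has no URL-like text to compare.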