Phishing is using electronic communication to gain access to usernames, passwords or credit card information. It has been around long enough, and technology changes so quickly that we may be quick to dismiss it as a concern of last year. This complacency is used to a hackers’ advantage; the email content is creatively targeted to the season and your industry. You should always be on the lookout for fraudulent package delivery emails.
Mail and package deliveries are always at a seasonal high during the holidays. There is a certain expectation of delivery delays or routing error; making your business especially vulnerable to these attacks. You or an associate will receive an email appearing to arrive from FedEx, UPS, etc. The email describes a missed delivery or a shipping address problem and provides a link to correct the issue. The link directs you to a spoofed website, which attempts to gather critical information like passwords, Social Security numbers, credit card information, and more. Keep in mind that legitimate couriers do not request, via unsolicited email or mail, payment or personal information.
Another similar scam currently in circulation is an email which presents from the U.S. Postal Service. It relates how a package delivery was intercepted and needs a simple confirmation from your office – notice that no personal information is requested. A link is provided to offer more information. Once the link is active, a virus is installed to steal the personal information on your computer. The email may contain a sense of false urgency, to encourage the user to react quickly. Such as stating non-action will lead to fines or unnecessary expenses.
Phishing is ever a clever and creative method of collecting your information. Prevention and detection are simple: here are a couple reminders on averting a phishing attack:
- Be skeptical of all emails, not matter the sender.
- Avoid opening any suspicious, unsolicited emails.
- When not sure, call to verify.
- Know the sender before opening any links.
- Ignore odd commands and urgent actions.
- Never provide any personal or business information.
- Watch for extensive spelling and grammar errors in the body of the email.
- Links to familiar-looking websites may be spelled wrong or have minor modifications from what you would actually expect.
- Check email settings to have more spam captured in the junk folder.
- Keep antivirus, anti-spyware, and browser software up to date and current.
Phishing attacks account for the vast majority of attacks to federal and private sector networks. It is predicted that attacks will increase as company data is more frequently accessed on personal devices, such as smartphones and tablets. The best defense against these attacks is internal awareness.