11 Dec Protect Yourself Against Phishing
By Rachel Wicks
It’s the most wonderful time of the year for many of us – including cyber-scammers.
Here at Clearline we have seen and experienced many different types of scams over the years. Most recently, a scammer took on Jeff Block’s name and started sending emails to our staff. The emails were not actually from Jeff’s account – his account was not hacked. Rather, the scammer created a random account and simply changed the sender’s name to Jeff’s. The scammer then sent short emails to our staff that said “Hey can you help me really quickly”. If one of our staff replied with “Sure, what do you need”, the scammer simply replied: “can’t talk in meeting, but can you buy me iTunes gift cards.”
Rest assured, no security or data breaches have occurred at Clearline. IT security is of the utmost importance to us! In an effort to further enhance your cyber awareness, we want to highlight a common cyber-attack that everyone should be aware of – phishing. “Phishing” is the most common type of cyber-attack that affects organizations like ours and yours. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details.
We’ve outlined a few different types of phishing attacks to watch out for:
- Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. You may receive an e-mail asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
- Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to Clearline or any other company known to you in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
- Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. Sent from a fake domain that appears similar to yours, these emails look like normal messages from a high-level official of the company, typically the CEO or CFO, and ask you for sensitive information (including usernames and passwords).
- Shared Document Phishing: You may receive an e-mail that appears to come from file-sharing sites like Dropbox or Google Drive alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.
What You Can Do
To avoid these phishing schemes, please observe the following email best practices:
- Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
- Do not provide sensitive personal information (like usernames and passwords) over email.
- Watch for email senders that use suspicious or misleading domain names.
- Inspect URLs carefully to make sure they’re legitimate and not imposter sites.
- Do not try to open any shared document that you’re not expecting to receive.
- If you can’t tell if an email is legitimate or not, contact that person or company directly.
- Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
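The changed sender name described at the top of this post, and the similar-looking domains mentioned under whaling, can both be checked automatically on incoming mail. The following Python is an added example, not Clearline's own tooling; the domain `example.com`, the staff directory, the similarity threshold and the sample messages are all constructed placeholders.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed): the organisation's mail domain and a directory
# of staff display names mapped to their real addresses.
ORG_DOMAIN = "example.com"
STAFF = {"alex director": "alex.director@example.com"}
LOOKALIKE_THRESHOLD = 0.85  # similarity ratio; tune against your own mail


def normalize(name):
    """Lower-case and collapse whitespace so 'Alex  DIRECTOR' still matches."""
    return " ".join(name.lower().split())


def sender_findings(raw_message):
    """Return a list of warnings about the From header of one raw message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.lower().rpartition("@")[2]
    findings = []
    if domain == ORG_DOMAIN:
        return findings  # header domain is ours; this check stops here
    # A staff member's name on an address outside the organisation.
    if normalize(display) in STAFF:
        findings.append("display-name-spoof")
    # A domain that is close to ours but not identical (e.g. 'l' -> '1').
    ratio = difflib.SequenceMatcher(None, domain, ORG_DOMAIN).ratio()
    if ratio >= LOOKALIKE_THRESHOLD:
        findings.append("lookalike-domain")
    return findings


# Constructed sample messages.
SPOOFED = ('From: "Alex Director" <quickhelp8841@freemail.test>\n'
           "Subject: hi\n\nHey can you help me really quickly")
LOOKALIKE = ("From: Alex Director <alex.director@examp1e.com>\n"
             "Subject: Wire\n\nPlease send the details.")
GENUINE = ("From: Alex Director <alex.director@example.com>\n"
           "Subject: Agenda\n\nSee attached.")

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("genuine", GENUINE)]:
        print(label, sender_findings(raw))
```

An empty result only means the From header shows neither of these two tricks; it is not proof that the message is genuine.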
Please note that the staff at Clearline will never ask you to share your usernames and passwords, or banking details over email.
Be extra vigilant this holiday season. If you are unsure about an email, a good old-fashioned phone call to the sender to confirm its legitimacy is never a bad idea. And if anyone wants to buy an iTunes gift card, Clearline has a few we are looking to sell. ☺
For more information on how to protect yourself against fraud, check out Canada Revenue Agency’s tips here.