Wednesday, August 12, 2015

Cybersecurity Smarts: Don’t Go Phishing

Phishing is an all-too-common occurrence that we see every day -- just check your spam box. Unfortunately, people in Colorado are estimated to have lost millions of dollars last year to scams. So what is it, what does it look like, and how do you ensure you aren’t a victim?

What is Phishing?
Phishing is done through email (most common) or phone by someone posing as a legitimate business or organization. These requests ask you for personal information or encourage you to download something to your computer. Oftentimes these emails contain links that can install viruses on your computer and permanently damage it. While many people receive these emails, generally those who are less technology-savvy are most vulnerable to phishing scams.

Examples of Phishing Scams
Phishing scams usually contain some request for information or action, such as clicking a link. This is how the scammers gain information to attack your computer and identity.

Phishing messages could look like this:
  • "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
  • "During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
  • “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

How to Avoid Phishing Scams
There are some steps you can take to avoid being a victim of phishing attacks:
  • Be cautious of all emails from addresses you don’t know.
  • Also be cautious of generalized emails, even from people you do know. Scammers often hack into other people's email accounts and send messages that appear to come from friends.
  • Only give personal information through secure, official websites (e.g., Amazon). Tip: look for the ‘s’ in the https:// in the URL. The ‘s’ means secure. If it just says “http://” it is not a secure website.
  • Do not click links or download files from unknown senders.
  • Don’t click on links in unsolicited emails -- if FedEx (for instance) sends you an email that you weren’t expecting, rather than clicking on the link in the email, go to your browser and type in the URL that you typically use to access that site.
  • Do not enter personal information on a pop-up screen.
  • Never send personal information through email -- your bank will never ask you for your address, social security number, account number, or any other information by email.
  • Make sure you keep all software, including your operating system, up to date.
  • Run anti-virus software, and keep it up to date.
  • Examine the security controls your bank, email providers, and other service providers you use offer -- you may be able to take advantage of 2-step verification and other controls that would prevent your stolen credentials from allowing unauthorized access to your account.

What To Do if You Think You’ve Been Scammed
Unfortunately, bad things do happen and someone could gain access to your sensitive data. There are some steps you can take to minimize the damage scammers can do to you, once they’ve already gained access to your data.
  • Change all your PINs and passwords for your online accounts.
  • If you know any accounts that were accessed fraudulently, close those accounts promptly.
  • Contact the bank or merchant directly if you suspect the email sent on their behalf is not legitimate.
  • Run a virus and security scan on your system to make sure there are no residual threats.
  • Request a free credit report to see if any other accounts were opened under your name.
  • Report the scam so it can be stopped in the future.

Reporting Phishing Scams 
The State of Colorado is particularly interested in stopping scammers. That’s why the Attorney General’s Office has started a campaign to stop fraud, and even created a website dedicated to stopping scammers. Visit StopFraudColorado.gov to report and help stop phishing.

Debbi Blyth: Chief Information Security Officer. Colorado native (almost!), beach lover, deep sea diver, Sunday school teacher. I'm the queen of keeping Colorado safe online. Find me on Twitter at @debbiblyth.
