Author: Jonathan Harrington
Phishing is an increasing problem in today’s society. Scammers are using texts, emails and instant messages to gain access to individuals’ and companies’ data for malicious purposes. The FBI reports that people lost $30 million to phishing schemes in one year.
Recently, one of our advisors received a phishing email from a client’s email account that had been hacked by a scammer. The email looked fairly legit and was requesting that the recipient click on a link to a Microsoft OneDrive file. In fact, the scammer had sent this same email to all of our other employees, hoping that at least one of us would click on the link and become a victim of the phishing ploy.
Because we require our employees to take annual information awareness and phishing avoidance training, we all immediately recognized that it was a phishing attempt. It had several red flags: multiple fonts were used in the email; we weren’t expecting a document from the client; and the text “the file is safe to view” was used in the message (which we saw as the scammer’s way of trying to create a false sense of security). We also use ShareFile to exchange documents with the client (at a very high level of security), so the biggest red flag was that this client was trying to send us a document via OneDrive at all.
We immediately called the client and let him know that we suspected his email had been hacked. At the time, he didn’t know. But as soon as we got off the phone with him, he called his internet service provider and started the hard job of recovering his email and notifying all of his contacts that were targeted by the scammer.
This incident reminded us that everyone needs to be aware of what phishing is and how they can prevent it. The FTC has a great website dedicated to this topic with a lot of great tips.
If you aren’t using a password manager – START! Smart password management is an important way to protect yourself from scammers and phishing. LastPass and 1Password are both great options. With an online password manager, you can create strong passwords and manage them in a secure portal, rather than on a sticky note or in an unprotected file that a scammer could easily find if they had access to your computer.
Also, use two-factor authentication (also known as multi-factor authentication) when available. Two-factor authentication is an extra layer of security on top of your username and password. If a scammer tried to access one of your accounts that has two-factor authentication enabled, they would have to complete an additional step, such as entering a PIN, answering a secret question or typing in a code that is sent to your phone, in order to gain access to the account.
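To make the “extra layer” concrete, here is an added example that is not part of the original post: a small two-step login check in Python. It stores a salted password hash and verifies a six-digit one-time code alongside it, so a scammer who has phished only the password is still refused. The account record, the password, the shared secret and the timestamps are all constructed for the demonstration; the one-time code follows the standard TOTP construction (RFC 6238, HMAC-SHA1 over a 30-second time step) used by authenticator apps, which generalizes the “code sent to your phone” case the post describes.

```python
"""Two-factor login check (added illustration; not the post's own code).

Everything here is constructed for the example: the in-memory account,
the secret, and the clock values. The one-time code is computed the way
authenticator apps do it (RFC 6238 TOTP), so a password alone is never
enough to pass login().
"""
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional, Tuple

TIME_STEP = 30      # seconds each one-time code stays valid (TOTP default)
CODE_DIGITS = 6     # length of the code the user types in


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2 so the server never stores the password itself."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def totp_code(secret: bytes, now: float, digits: int = CODE_DIGITS,
              step: int = TIME_STEP) -> str:
    """RFC 6238 one-time code: HMAC-SHA1 over the current time counter."""
    counter = int(now // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


# Constructed account record: what the server would hold after enrolment.
_salt, _pw_hash = hash_password("correct horse battery staple")
ACCOUNT = {
    "username": "alice",
    "salt": _salt,
    "pw_hash": _pw_hash,
    "totp_secret": b"constructed-demo-secret-not-real",  # placeholder, not a real secret
}


def check_password(account: dict, password: str) -> bool:
    """Constant-time comparison of the candidate hash against the stored one."""
    _, candidate = hash_password(password, account["salt"])
    return hmac.compare_digest(candidate, account["pw_hash"])


def check_code(account: dict, code: str, now: float) -> bool:
    """Accept the current code or the previous step's code to tolerate clock drift."""
    for drift in (0, -TIME_STEP):
        expected = totp_code(account["totp_secret"], now + drift)
        if hmac.compare_digest(expected, code):
            return True
    return False


def login(account: dict, password: str, code: str, now: Optional[float] = None) -> str:
    """Two-step check; returns 'ok', 'bad_password' or 'bad_code'."""
    now = time.time() if now is None else now
    if not check_password(account, password):
        return "bad_password"
    if not check_code(account, code, now):
        return "bad_code"
    return "ok"


if __name__ == "__main__":
    now = time.time()
    good_code = totp_code(ACCOUNT["totp_secret"], now)
    # Scammer holding the phished password but not the phone: rejected.
    print(login(ACCOUNT, "correct horse battery staple", "not-a-code", now))
    # Legitimate user with both the password and the current code: accepted.
    print(login(ACCOUNT, "correct horse battery staple", good_code, now))
```

The two checks are deliberately ordered so that a wrong password fails before the one-time code is even looked at, and both comparisons use `hmac.compare_digest` so timing does not leak which part was wrong. The one-step drift window is the usual compromise between rejecting a code the user typed a moment too late and keeping the window short.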
The most effective way to not become a victim of a phishing attempt is to NEVER CLICK ON LINKS in emails, texts or instant messages. This is true even if it is coming from a known sender because you never know if their email has been hacked by a scammer. Be smart and you can significantly reduce your exposure to the risk of becoming a victim of a phishing attempt.