Avoiding the Everyday Scam
July 27, 2023
No one is impervious to hacking and phishing, not even the International Secure Information Governance & Management Association. Yesterday hackers were quick enough to send a pretty convincing trademark violation email through one of our email accounts. Luckily we secured the situation, although unfortunately many still received the email (If you did receive this spam email, make sure you do not click on the link, and make sure to delete from your inbox). In light of this, we thought we would revisit a previous article which covers some resources for managing and spotting day-to-day spamming and phishing attempts.
In a world where so many facets of our lives and the information we keep is held online, where we see passwords and security, hackers and scammers see opportunity. For a business, one way to avoid hackers is by keeping systems, processes, and passwords up to date. However, when it comes down to it, all of these things can fail with employee oversight, and simply not being able to spot a phishing email. So, what are some steps you can take today to protect your accounts from hacks? Here are some tips from the National Cybersecurity Alliance.
- Use long, complex, and unique passwords. Every password should be at least 12 characters long and include letters, numbers, and symbols (like % or $). Ideally, your passwords should be random strings of characters, not recognizable words. Very importantly, each account should be protected by its own unique password. To create and store all these passwords, use a password manager!
- Switch on multi-factor authentication. Multi-factor authentication (MFA), sometimes called 2-factor authentication, adds a whole other level of security beyond your password. MFA will use biometrics, security keys, text messages, or an app to make sure you are you, even if a hacker gets access to your password. Enable MFA for any account that allows it!
- Think before you click. Learn how to identify phishing messages, which will often try to inspire panic or urgency. Take a few seconds to read through the message and who sent it. With a little knowledge, you can spot most phishing attempts within moments.
- Turn on automatic updates. The best way to get the latest, strongest security is to install software updates as soon as they are available – and the best way to know when they are available is to turn on automatic updates! Set it, forget it, and you won’t regret it!
And for all your other everyday hacking attempts, here are some tips from the Better Business Bureau on how you can take diligence in protecting your business from unnecessary scam risks:
- Keep good records. Keep documentation of all orders and purchases. This will help you to detect bogus accounts and invoices.
- Most email platforms, including Google and Yahoo now allow you to unsubscribe from emails without clicking on any links within the email itself. If you never subscribed to the email to begin with, don’t click “Unsubscribe” at the bottom, but use your email platform’s Unsubscribe or Junk feature to remove the email.
- Be extra careful with payment procedures. Establish payment authorization procedures, including a multi-person approval process for transactions above a certain dollar threshold.
- Avoid some payment methods when possible. Wire transfers, pre-paid debit cards and gift cards are scammers’ preferred methods of payment. Always confirm that any requests for payment with untraceable methods such as these are verified by an authorized source. Also, try to pay by a written, company. That way, a paper trail has been created.
- Double-check vendors. Make sure that the business billing you is a business you’re familiar with and normally do business with. If not, question it. Get the name of the person you speak with, the company name, address, phone and website.
- Be careful what information you share. Do not give out information about your business unless you know what the information will be used for. Never provide personal information or financial details to anyone you don’t know.
- Protect your devices. Make sure you have proper computer protection software and a firewall. Don’t click on links inside unsolicited e-mails. They could spread malicious software or viruses.
- Spread the word. If your employees know about the scam, they’ll be more likely to spot it. Tell your colleagues too.
Should you receive any phishing emails, it is recommended that you forward these to the Anti-Phishing Working Group at [email protected] and the FTC at ReportFraud.ftc.gov.