Data Protection

Do you Know How to Spot a Scammer?

Do you know how to spot a malicious email, or know if someone is trying to trick you into giving up information on a phone call? If you are technical and have been around the block a bit, you are confidently saying yes right now. You are also thinking that your end users need some help in this regard. You are partially right. Your end users do need some help. Since I do a lot of phishing tests both internally and externally, I feel pretty confident saying that you or others on your technical team need some help too.

For some reason, technical people like to click things.  Amex receipts for $50,000 on a Ferrari or lost FedEx packages, it really doesn’t matter, you will click it.  I get more technical people than almost anyone else.  It’s like the people that drive fast in the snow when they have four-wheel drive.  They trust that they are safe, but end up in the ditch just the same.

No matter who you are, you need to pay attention and stop and think before you click any link.  Do I normally get Amex emails to my work account?  Would the court send me a traffic violation to my work email?

A good phishing email makes you worried that you are in trouble. Court violations, angry invoice emails, etc., all encourage you to click the link because you want to stop the stress and get moving on fixing the situation. Take a few steps and hover your mouse over the link before clicking. Where does it go? Does it take you to americanexpress.com or does it take you to annericanexpress.com? Pay particular attention to the way things are spelled. When you are in a stressful situation, you are more prone to making rash decisions. Take a second to review what is happening. An extra minute or two normally will not make a difference to the client, but it can make all the difference for you and your online security.
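The same spelling check can be automated for a mail filter or a training exercise. The sketch below is an added example, not part of the original post: it flags link targets that are misspellings of a trusted domain, and goes one step further by also catching a trusted name used as a subdomain of some other site. The `TRUSTED` list, the confusable pairs and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains this mailbox legitimately receives links for (constructed).
TRUSTED = ("americanexpress.com", "fedex.com")
# Character sequences that read as another letter at a glance.
CONFUSABLES = (("rn", "m"), ("nn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def registrable(host):
    """Last two labels only; a production check would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def skeleton(domain):
    """Collapse confusable sequences so visually similar names compare equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a link target."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        misspelled = skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2
        buried = host.startswith(good + ".") or ("." + good + ".") in host
        if misspelled or buried:
            return "lookalike:" + good
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, as they might appear on hover.
    for link in ("https://www.americanexpress.com/login",
                 "http://annericanexpress.com/receipt",
                 "https://americanexpress.com.billing.example/pay",
                 "https://example.org/"):
        print(f"{classify_link(link):32} {link}")
```

An "unknown" verdict only means the domain does not resemble anything on the trusted list; it still deserves the same pause before clicking.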

There is also increased activity with phishing phone calls.  They try to get you to give your social security number, date of birth, or other personal information.  By now I’m sure you have heard of the group claiming to work with Microsoft calling to clean the virus off your computer, for a fee.  Scammers do this because people fall for it.

Even if your company doesn’t offer training on how to detect this stuff, you can take these 3 steps to help yourself out.

  1. Take a step back and think through the situation. Are you expecting this email or phone call?
  2. Hover over the link and determine where it goes.
  3. If the email or phone call becomes stressful, this is a red flag.

During this holiday season, the bad guys are out in full force.  Make sure you protect yourself. Contact Thrive to learn more about security awareness training.