Educate your email users about phishing

Written by Carl E. Reid on November 3, 2008

Last week one of my clients received the resurfaced American Express phishing email. And yesterday an associate told me a dastardly story about being fleeced out of $2,700 from his Citibank account. This was the result of responding to a phishing email. Although email administrators may be more educated and wiser to phishing emails, we must keep reiterating the basics and providing ongoing education to our email end users, however mundane and simple those basics may seem to us.

Educate your email users with the following information in your next phishing alert email or newsletter:

What is phishing? Phishing is when someone creates a spam message to fool the user into thinking that they are going to a legitimate web site, which then asks them to give up personal information, such as their Social Security, credit card and bank account numbers. However, this fake web site is set up only to steal the user’s information. The email may look like it is coming from a legitimate company: creating a web site is easy, and making it look like one from a legitimate business is not hard either.

I had received an email from my ‘bank’ requesting me to update my profile. Within the email it stated to make changes if needed for my account number, social security, home address and home phone number. I thought to myself, ‘why would my bank want me to update my profile when they had never asked me to do so before?’ I thought it was strange but did not act on the email right away. I put it out of mind and continued with my day’s work. By the next day I received another email requesting that I update my profile. Now I was curious as to why the urgency to update my profile. I called my bank and spoke to someone in customer service. I found out that they did not send any email and I was not to respond to the email or go to the link that was within the email. I forwarded the fake email to the customer service rep and she assured me that the bank would never send an email to request me to update any profile. She told me that were I to receive any more emails, to call and verify if the request was a legitimate one.

How can you protect yourself from phishing? You can start by filtering and blocking spam so that it never reaches your inbox. Next is to protect your hosts file in Windows. You can use security software to protect your hosts file and to check whether there are any entries that do not look familiar. Another option is to change how email is received, from HTML to plain text – this will strip any embedded code that might be executed. It’s also important to have very good antivirus software installed, as well as anti-spam software. With both you can protect yourself much better against such attacks. Another option you may want to consider is to change your Internet browser. Most people have Internet Explorer installed, but you can change to Mozilla Firefox, Opera, etc. Many experts believe that Microsoft Internet Explorer is vulnerable to such spam.
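The hosts-file check described above can be scripted. This is an added example, not part of the original article: the sample file contents, the `KNOWN_NAMES` allowlist and the function names are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample in Windows hosts-file format (not taken from a real machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.example.test   # added by IT
203.0.113.10    www.mybank.example  mybank.example
not-an-ip       broken.example
"""

# Assumption: the names your organisation deliberately maps in the hosts file.
KNOWN_NAMES = {"localhost", "intranet.example.test"}


def parse_hosts(text):
    """Yield (line_no, address, names) per mapping line; address is None if unparseable."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            address = None
        yield line_no, address, [name.lower() for name in fields[1:]]


def unfamiliar_entries(text, known=KNOWN_NAMES):
    """Return (line_no, address, names) findings that a person should review by hand."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        if address is None:
            findings.append((line_no, "malformed", names))
            continue
        unknown = [name for name in names if name not in known]
        if unknown:
            findings.append((line_no, str(address), unknown))
        elif "localhost" in names and not address.is_loopback:
            # A familiar name pointed somewhere unexpected is also worth a look.
            findings.append((line_no, str(address), ["localhost"]))
    return findings


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts
    for line_no, address, names in unfamiliar_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {address} -> {', '.join(names)}")
```

A finding is a prompt for review rather than proof of tampering, since some legitimate software adds its own hosts entries.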

Overall, double-check any email you receive that requests such personal information. If you are not sure about the legitimacy of the email, verify with a phone call or letter. With good anti-spam software installed you can minimize the spam coming in.

Consider sending this type of information to your email user community on a regular basis.

About Carl E. Reid

Developing his career from the mail room to the board room, Carl E. Reid has achieved success by skillfully blending 40 years of technology and business intelligence experience with his passion for helping companies succeed. Carl is founder and CEO of NetTECH Systems Reid & Associates, Inc., an emerging technology consulting company located in the New York City area. One of his specialties is 15 years as a collaboration and email infrastructure consultant. He has implemented and supported Lotus Notes/Domino and other types of SMTP gateway/network configurations in small to large global companies up to 33,000 employees. Some of his clients have included IBM, Citi, JPMChase, Oxygen, LVMH - Moet Hennessy, MeadWestvaco, non-profits and professional organizations. Carl is a Savvy Business Owner, Public Speaker and Author. His articles have appeared in Network World, Computer Monthly magazines and hundreds of web sites. Combining business technology consulting with professional blogging, Carl specializes in advising clients how to best leverage the Internet as a tool for high impact visibility. Carl's speaking style combines humor with expertise, and his advice is always down-to-earth and practical. He personally publishes Library of Congress recognized newsletter blog, http://www.SavvyIntrapreneur.com and http://www.iTechSpeak.com. Carl wrote the original "Professional Blogger Job Description", being used as standard document within companies. As a business career coach, Carl teaches professionals how to run their career as a profitable business.