Each day there’s another story about reams of personal data stolen from a giant corporation. While it might seem like a recent phenomenon, it’s far more common than you imagine.
Many thefts happen begin from within. Huge amounts of data can be stolen with one simple phishing email. When an employee clicks on a link, the employee’s computer gets infected with password stealing and remote control applications. From there, the hackers can bide their time and collect valuable personal information. Dennis Dayman, Eloqua’s Chief of Security Officer, provided some helpful hints on how to avoid becoming that unwitting employee.
A lot of phishing emails will start off with a strangely personal greeting from some clown you don’t know. The subject line might say something like “It’s been awhile” or ask “How’ve you been?” The body of the email might direct you to wedding photos or photos from a recent vacation in Aruba. Watch out for click HERE instructions. If you are scratching your head wondering if you know the sender, then there’s a good chance you don’t. Hit the delete button. Slideshows from others’ vacations are boring anyway.
Too Legit, Better Quit
“You need to verify your account.” These five words should set off alarms. Many phishing emails come under the cloak of verification. The emails are typically short, official sounding and possibly mention a brand you might have done business with in the past. The email might state the need to verify an account you recently established by clicking a provided link. Be careful. If you have any doubts, ping the brand supposedly sending the email to see if it’s the real deal.
Phishing schemes use language designed to convey a sense of urgency. The email might say that if you don’t click now funds might be frozen, or an account closed, or money being lost. If an email demands you immediately log in and provide or update information, nix it. If in doubt, contact the company supposedly represented in the email.
You would think a hacker taking the time to craft a phishing scheme would take the time to run spell check. But, in fact, many of these fraudulent emails contain misspellings of common words and atrocious grammar. Any organization worth its salt takes the time to ensure its communications pass the basic rules of the English language. If the email is riddled with terrible grammar, send it to the trash barrel.
Hacked At Home
There’s a good chance – we hope! – your organization has invested in secure systems and networks. Your home system probably doesn’t have the same protections. If you use personal systems to access your organization’s networks, you might be providing a backdoor to hackers. Don’t be that person who forgets to lock the door behind you.
For comprehensive and easy to understand info on this topic, be sure to read the Grande Guide to Deliverability & Privacy released yesterday.