KW Realty Centres Blog
Phishing and Cyber Fraud Prevention
Phishing and Cyber Fraud Prevention Tips to Reduce Your Risk
Did you know...
- Phishing surged by 250 percent in Q1 2016
- The Anti-Phishing Working Group tells us that there were over 123,000 phishing websites in March 2016 alone. That is 3 times the number seen 4 months earlier!
- Reports indicate that email scams resulted in a loss of over $2.3 billion in the last 16 months
- Top 3 targeted industries: Service/Retail, Financial, Payment Services
Recommended Best Practices
Using Your Common Sense Is Key!
1) Don’t respond to emails that request personal or financial information. Banks or e-commerce companies generally personalize emails, while phishers do not. Phishers often include false but sensational messages (e.g. "Urgent - your account details may have been stolen") in order to get an immediate reaction.
Reputable companies don't ask their customers for passwords or account details in an email. Even if you think the email may be legitimate, don't respond. Contact the company by phone or by visiting their website. Pick up the phone and speak to a real person, or type the URL in yourself by hand rather than clicking a link in a suspicious email.
2) Do not click on links, download files or open attachments in email from unknown senders. Always be cautious about opening attachments and downloading files from emails, no matter who they are from.
3) Beware of the “From” email name. A favorite phishing tactic among cybercriminals is to spoof the From/display name of an email. More than half of 760,000 email threats targeting 40 of the world’s largest brands used this tactic!
Here’s how it works: If a fraudster wanted to spoof the hypothetical brand “Acme Bank,” the email may look something like:
From: Acme Bank
Subject: Suspicious Login Attempt
While Acme Bank doesn’t own “secure.com” this email still appears legitimate because most user inboxes only present the display name (Acme Bank). Don’t trust the display name. Check the full email address — if it looks suspicious, don’t open the email.
4) Check to ensure the website you are visiting is secure. Before submitting your personal or other sensitive information, there are a couple of checks you can do to help ensure the site uses encryption to protect your personal data.
- Check the web address in the address bar. If the website you are visiting is on a secure server it should start with "https://" ("s" for security) rather than the usual "http://".
- Also look for a lock icon on the browser's status bar. You can check the level of encryption, expressed in bits, by hovering over the icon with your cursor.
- Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- Note that the fact that the website is using encryption doesn't necessarily mean that the website is legitimate. It only tells you that data is being sent in encrypted form.
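As an added check that is not part of the original post, here is a small Python script that applies tips 3 and 4 mechanically: it parses a From: header and flags display-name spoofing of the kind shown in the Acme Bank example, and it compares a link's scheme and host against the site you intended to visit. The brand table, domain names and sample headers are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Hypothetical table (constructed for this example): brand name as it appears in
# a display name -> the domains that brand really sends mail from.
KNOWN_BRANDS = {
    "acme bank": {"acmebank.example"},
}


def check_from_header(from_header: str, known_brands=KNOWN_BRANDS) -> dict:
    """Tip 3: flag a From: header whose display name claims a known brand while
    the real sender domain is not one that brand owns, or that carries no
    parsable address at all (most inboxes show only the display name)."""
    display_name, address = parseaddr(from_header)
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    claimed = next((b for b in known_brands if b in display_name.lower()), None)
    result = {"display_name": display_name, "domain": domain,
              "claimed_brand": claimed, "suspicious": False, "reason": ""}
    if not domain:
        result.update(suspicious=True, reason="no parsable sender address")
    elif claimed and domain not in known_brands[claimed]:
        result.update(suspicious=True,
                      reason=f"display name claims {claimed!r} "
                             f"but sender domain is {domain!r}")
    return result


def check_link(url: str, expected_host: str) -> dict:
    """Tip 4: flag a link that is not https:// or whose host differs from the
    site you meant to visit, which catches lookalikes such as a different
    TLD (.net instead of .com) or a misspelled name."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.scheme.lower() != "https":
        reasons.append("not https")
    if host != expected_host.lower():
        reasons.append(f"host {host!r} is not {expected_host!r}")
    return {"host": host, "suspicious": bool(reasons), "reason": "; ".join(reasons)}


if __name__ == "__main__":
    # Constructed samples modelled on the post's "Acme Bank" scenario.
    print(check_from_header("Acme Bank <alerts@secure.com>"))
    print(check_from_header("Acme Bank <alerts@acmebank.example>"))
    print(check_link("http://acmebank.net/login", "acmebank.com"))
```

Remember that passing both checks only means the sender domain and link host match what you expected; as tip 4 notes, encryption alone does not prove a site is legitimate.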
5) Be extremely cautious with passwords, personal data, and emails. Most banks have a security page on their website with information on carrying out safe transactions, as well as the usual advice relating to personal data.
- Never share your PINs or passwords with anyone
- Do not write them down
- Do not use the same password for all your online accounts
- Change your passwords every 90 days
- Avoid opening or replying to spam emails, as this will give the sender confirmation they have reached a live address
- Use common sense when reading emails. If something seems implausible or too good to be true, then it probably is
6) Keep your computer secure. Some phishing emails or other spam may contain software that can record information on your internet activities (spyware) or open a 'backdoor' to allow hackers access to your computer (Trojans).
- Installing antivirus software and keeping it up to date will help detect and disable malicious software, while using anti-spam software will stop phishing emails from reaching you.
7) Always beware of urgent or threatening language in the subject line. Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt”.
8) Always review the “signature block” of an email. Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate, reputable businesses always provide contact details.
9) Check for spelling mistakes. Reputable, legitimate brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
10) Analyze email salutations. Is the email addressed to a vague “Valued Customer”? If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.
11) ALWAYS report suspicious activity. If you receive an email that appears in any way to be a phishing attack, report it to your local/MC IT person immediately, and to anyone else in your chain of command responsible for security incident escalation.