Common Sense Tips and Ideas
Threats are ever evolving and keeping up with current threats can be difficult. We encourage you to use caution and never provide confidential information via text, email, incoming call (by a person or automated call), or pop-up ad on your computer.
When you receive a call or message that seems suspicious or unusual, hang up and call the phone number from your most recent bill or the back of your card. With our increased dependence on electronic devices and the Internet, below is information to help educate and provide you and your business.
Ransomware is malware that is downloaded through email attachments that then encrypts an entire system including any attached storage. One particular ransomware that businesses need to pay attention to is CryptoLocker.
The only way to decrypt an infected device is to pay a fee or "ransom" to the malware owner. Preventing the malware from loading is the key. Don't open any email with a .zip file as an attachment - even if you are familiar with the sender. The exception is if you confirm the sender actually sent the email.
Beware of email alerts which advise you that a package is being shipped to you, especially when the email contains a link to a tracking number. Clicking through a link in a phishing email can result in malware being downloaded to your PC which may then put your business at risk.
Never click on links or open attachments from email senders that you are not familiar with or expecting an email from. If the email is from a known sender but appears unusual or is unexpected, call the sender to verify the validity of the email before you open it or click on any links.
A large percentage of PCs with Java do not contain Java security patches or are not running the most current version of Java. Java runs on millions of PCs and is often exploited by cyber criminals to infiltrate or attack your PC. To combat this vulnerability, as part of your overall security best practices, keep Java up to date and secure.
This is a common form of identity theft for business customers. An account takeover occurs when a fraudster has an individual's information such as social security number, User ID and password, account number, and/or access to email accounts. Once the fraudster has access to this information, they can use it to pose as the customer and conduct unauthorized transactions.
There are many ways a criminal can obtain confidential information. Social engineering is a contributing factor to these and many more scams. Fraudsters use every avenue of communication to have you divulge sensitive account information.
Phishing uses fraudulent emails or pop-up messages to attempt to collect personal or account information. These messages often have a sense of urgency that suggests dire consequences, such as an email from your 'bank' stating your account has been or will be frozen.
Smishing uses a text message from an unknown number, asking you to click a link to another site or call a phone number. They entice you to provide personal or account information and may attempt to infect your mobile device with malware.
Vishing uses the telephone in an attempt to get the user to provide personal or account information, often presenting themselves as legitimate businesses offering assistance to the user.