Phishing Scams: Don’t Get Caught on the Hook

Posted by The ALS Group on Nov 10, 2014 11:35:39 AM

Home Depot’s data breach is the largest retail breach we’ve seen yet. Last week, Home Depot publicly stated that in addition to the 56 million credit card accounts compromised, approximately 53 million e-mail addresses were stolen as well. The issue here isn’t the addresses themselves, but the malicious use the addresses will be put to.

Most likely, the addresses will be the target of phishing scams – attempts to acquire sensitive information (passwords, credit card and bank data, money, etc.) by posing as a legitimate, trustworthy source. Everyone has been the recipient of a phishing attempt at one point or another: “You won, enter your info here to receive a prize”, or “I’m your long lost cousin from Nigeria and need cash.” Many times, the messages will include masked hyperlinks, where the text shown to the reader hides the real destination, that lead to sites infected with malware.

Viruses and malware can quickly take a company’s network and operation out of commission. Business owners should take e-mail related threats very seriously and develop a proactive strategy to reduce the risk of falling victim to malevolent messages.

  • Awareness
    1. Education – A TV show from my childhood ended every episode with “Now you know, and knowing is half the battle.” Learning about these scams and phishing attempts will help you identify them when they cross your path. Microsoft has a website devoted to educating users about these threats: Email and Web Scams: How to Protect Yourself.
    2. Question Everything – Microsoft will not randomly call your home to help you fix your PC, and the FBI (most likely) isn’t after you. Blindly entering your personal and credit card or bank information into a website or pop-up on your computer could spell disaster. Unless you’re sure that you’re visiting a secure and trusted website, err on the side of caution.
    3. Develop IT Acceptable Use Policies – Draw definitive lines in the sand for users of what is and isn’t acceptable use of company systems and applications. While company e-mail may be filtered for malicious messages, home e-mail accounts and Facebook messages won’t be.
    4. Create a Relationship with a Trusted Advisor – Have someone a phone call away who is trained to identify scams and phishing attempts and can help keep your information safe.
  • IT security policies and procedures
    1. Mail Filtering – A mail filtering service will block 99 percent of spam before it reaches the company server or user’s inbox, greatly limiting the potential of an infected attachment or phishing attempt to reach the user.
    2. Web Filtering – Firms should employ a web filtering service that will keep malicious code from entering the network through the web. The software can also be used to prevent users from visiting potentially dangerous and unproductive sites. Web filtering software is also an excellent tool to enforce your acceptable use policy.
  • Increase Your PCs' Security Measures
    1. Anti-Virus – Make sure your anti-virus program is up to date and receiving virus definition updates daily. Most real-time scanning software packages allow you to schedule regular scans on your PC. If you’re in a corporate environment and don’t have control over the program’s options, ask your trusted IT advisor to schedule the scans for you.
    2. Malware Protection – Most anti-virus programs will protect you against some malware, spyware, and grayware, but not all of it. There is additional software out there that will protect your PC from these other forms of malicious software.
    3. Set Up a Firewall – Home users can use a software-based firewall, but firms (even small businesses) that may store client data and personal information (social security numbers, credit card information, etc.) should be behind a firewall device that will prevent intrusions.
    4. Have a Backup – If your firm is not in the position to have a redundant system running that will assist in recovering from a disaster such as a network-impacting virus, ensure that all applications, databases, and data files are backed up locally and offsite.

Obviously, these pointers barely scratch the surface of network security, but having even basic measures in place and raising awareness of potential threats will reduce your risk of an event. You can read more about the Home Depot data breach in the article “Home Depot Hackers Exposed 53 Million Email Addresses.”

About the Author

Jon Edwards is the IT Manager for The ALS Group. You can read more about Jon or contact him here.