We are all receiving more and more ‘trick’ mails / fraud mails – generally known as phishing mails – designed to lure employees into making payments or giving out credit card details, bank account numbers or other private information. Phishing mails are sent by cyber-criminals who pretend to be someone who can be trusted, e.g. a CEO, a trusted company, a known vendor, your bank, or an authority such as the tax authorities or a Court of Justice.
What should you do?
Because the cyber-criminals have become smarter, it can be difficult to spot the obvious signs that an email is not genuine. Please follow the steps below when you receive mails from unknown senders, or mails with suspicious content that ask you to click on a link, open an attached file or provide personal information.
- A golden rule is to closely check that the sender email address is legitimate by verifying that the email address shown on the left (the display name) is exactly the same as the one shown on the far right (the actual sending address) – if not, it’s a FAKE!! Example of what your mail client shows: From: FirstName Surname < firstname.lastname@example.org > email@example.com [mailto:firstname.lastname@example.org]
- Another golden rule is that no trusted bank or credit card company will ever contact you via email to verify / authenticate your credit cards. If your bank or any other authority contacts you and asks you to provide sensitive data about yourself (social security number, health details, passport number, credit card number, etc.), check with that authority via a phone call to verify the legitimacy of the email before answering anything. Also ask that authority whether email is a safe means of transporting sensitive data in accordance with current privacy law or the PCI rules for credit cards.
- Never click on links or open attached files in an email from an untrusted sender: do not open attached files or click links in mails unless you are 100% sure that you trust the sender. The easiest way for cyber-criminals to trick you is to disguise the real destination of a link and to give attached files a seemingly harmless name.
- You should never ever feel threatened, intimidated or pushed into providing your private information to any stranger on the internet or to an unverifiable organisation or authority.
- Always use common sense mixed with caution and gut-feeling – as the saying goes “better safe than sorry”. No one ever suddenly wins the lottery or inherits millions from a deceased ex-dictator from Nigeria. Just delete this kind of spam mail.
- Mails that are identified as spam or phishing mails will 99% of the time be captured by your company’s mail client and placed in the Junk Mail folder. When cleaning up this folder, don’t click on any embedded links or attachments in mails in the Junk Mail folder – contact the sender in question via a separate mail, phone, Lync, etc. to verify whether there is a problem.
- Think before you click! The sum of the steps above is simply that you need to think before you click. If you do not click links, open attached files and so forth, you minimise the cyber-criminals’ chances of getting access to your and your company’s data.
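The "left side versus far right" check from the first golden rule can also be automated on the raw From: header. The following is an added example (not part of the original guidance or any mail product) that flags a display name showing one address while the real sender is another, and optionally checks that the real sender belongs to an expected domain; all addresses in it are constructed sample values.

```python
import re

# Loose pattern for anything that looks like an email address inside free text.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# The real sending address is whatever sits in the trailing <...> pair.
ANGLE_RE = re.compile(r"<\s*([^<>]*)\s*>\s*$")


def split_from_header(value):
    """Split 'Display Name <addr>' into (display, addr).

    Without angle brackets the whole value is taken as the address and the
    display part is empty.  This is a deliberately simple parser so the
    result is predictable for the spoofing pattern discussed above."""
    v = value.strip()
    m = ANGLE_RE.search(v)
    if m:
        return v[:m.start()].strip().strip('"'), m.group(1).strip()
    return "", v


def check_from_header(value, expected_domains=()):
    """Return (verdict, reason) for one From: header value.

    "mismatch"   - display name shows an address that is not the real sender
    "unexpected" - real sender is not in expected_domains (if any were given)
    "invalid"    - no usable sender address could be found
    "ok"         - nothing suspicious found"""
    display, real = split_from_header(value)
    if not ADDR_RE.fullmatch(real):
        return "invalid", f"no usable sender address in {value!r}"
    # Any address-looking text on the "left" must equal the address on the "right".
    for shown in ADDR_RE.findall(display):
        if shown.lower() != real.lower():
            return "mismatch", f"display name shows {shown} but real sender is {real}"
    real_domain = real.rsplit("@", 1)[1].lower()
    if expected_domains and real_domain not in {d.lower() for d in expected_domains}:
        return "unexpected", f"{real} is not from an expected domain"
    return "ok", f"sender is {real}"


if __name__ == "__main__":
    # Constructed sample headers, not real mail.
    for hdr in ["FirstName Surname <firstname.lastname@example.org>",
                "firstname.lastname@example.org <attacker@evil.example>",
                "Just a name with no address"]:
        print(hdr, "->", check_from_header(hdr))
```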