We have been advised of a new phishing attack from one of our carriers and want to share this important information with you. While the recent attacks have been aimed at businesses, this is good information for personal users as well.
New Spear Phishing Attack Using Employee SSN As Bait
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
This new attack is made to look like it comes from FedEx. The phishing emails included the targeted employee's name and Social Security number. Noteworthy here is that these phishing emails "up the game" by actually including employee personal information in the email, which may be the reason the recipients were tricked into clicking on the email's links.
Here's some general information regarding phishing techniques:
By Email
The most common form of phishing is by email. Pretending to be from your financial institution, or a legitimate retailer or government agency, the sender asks you to "confirm" your personal information for some made-up reason. Typically, the email contains a link to a phony Web site that looks just like the real thing – with sophisticated graphics and images. In fact, the fake Web sites are near-replicas of the real ones, making it hard even for experts to tell the real and fake Web sites apart. You enter your personal information onto the Web site – and into the hands of identity thieves.
By Phone
Phishers also use the phone to hunt for personal information. Some, posing as employers, call or send emails to people who have listed themselves on job search Web sites.
Something’s Phishy If
While phishing scams can be sophisticated, the following features are often indicators that something is "phishy." Be aware of a potential scam if:
- Someone contacts you unexpectedly and asks for your personal information, such as your financial institution account number, an account password or PIN, credit card number or Social Security number. Legitimate companies and agencies don’t operate that way.
- The sender, who is a supposed representative of a company you do business with, asks you to confirm that you have a relationship with the company. This information is on record with the real company.
- You are warned that your account will be shut down unless you "reconfirm" your financial information.
- Links in an email you receive ask you to provide personal information. To check whether an email or call is really from the company or agency, call it directly or go to the company's Web site (use a search engine to find it).
- You're a job seeker who is contacted by someone claiming to be a prospective employer who wants your personal information.
**With the tax season upon us, be advised that the IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.**
Be aware and stay vigilant about protecting your private information!
Make sure you're protected. Learn more about the cyber liability insurance options Dean Heckle & Hill offers.
(Article Courtesy: Beazley Insurance and IRS)