Recently we have been witnessing a dramatic increase in phishing emails. Please read the following precautions carefully in order to protect your data and network from cybercriminals. Phishing emails look like they came from a real company you know and trust. The sole purpose of a phishing scam is to trick you into going to a fake website that looks equally authentic and entering personal information that would in turn give the criminal access to your accounts. Criminals send unsolicited emails (known as the “bait”) to random workers in an attempt to scam them into surrendering private information. This information is then used for identity theft or to help convince your co-workers that the sender is legitimate. While most people will ignore the “bait”, others will bite and thus allow the cyber criminals to perpetrate their schemes. This is called “phishing”, and you need to be aware of it.
Sometimes phishing is combined with social engineering, where brazen cyber criminals go one step further and contact users by email, telephone (or occasionally even in person) in an effort to convince them to give up valuable information. Cyber criminals research their victims' social media profiles so they can tailor the attacks by including information about the victim or people the victim may know. This makes the attacker's requests seem more genuine, especially when it appears they are familiar with the victim's business.
Some of the more common phishing scams:
You're asked to validate your account by following a link.
You're told there's a problem with your current account.
You're threatened with action (e.g. closing your account) if you don't respond.
Knowing the risks of these attacks will help you defend against cyber criminals who try to trick you into putting your organization's network at risk. Here are a few things to consider:
Check links in email by moving your mouse over links and verifying the addresses. If the address doesn't match the website or company you are expecting, don't click the link and report the email to your helpdesk.
Don't blindly follow instructions from people in email, on the phone or 'technicians' who happen to stop by your desk. Ask yourself, “Is this a legitimate request?” and “Does this person need the information they are requesting?” Help technicians do not need your password to do their work – so don't get tricked into helping the cyber criminals.
Beware of threats – if an email is threatening to suspend your account or states that your system has been compromised, it may be another example of the same kinds of tricks. Don't fall for fake 'alerts'.
Most importantly, if you think that you may have been a victim of a phishing or social engineering attack, report it to BlueBird immediately so we can take further action to protect you. You can reach our tech support team at 416.931.2121 or via email at firstname.lastname@example.org.
Following good cyber security practices will help shut down cyber criminals and make your corporate network as safe as possible.