Beware of Spear Phishing Attacks
It’s official: data stolen in the Epsilon breach is being used for spear phishing attacks.
Chase Bank customers, beware of a phishing email that is circulating. The email warns that there may have been fraudulent activity on your account, and you must click a link to verify the account activity. Otherwise, your account will be frozen.
Don’t click the link.
The link will not bring you to Chase Online; it will bring you somewhere other than Chase Online.
As you can see in the above sentence, it is easy to make a fake link look legitimate within the text of an email; though, in my example, you were brought to a site that is clearly not Chase Online and is a harmless (and super cool) site. << Insert Netmail Community plug here — Netmail Community, Join the Conversation! >>
I'm sure you've heard the advice already, but here’s some highlights of how to beat a phishing attack:
- Don’t click a link in a received email (unless you are absolutely certain the email is legitimate and the link is harmless). When in doubt, manually type the web address you would like to visit rather than clicking a link.
- Don’t transmit personal information in response to email. Receiving an email from a bank about fraudulent activity can make us panic and want to rectify the matter ASAP. Scammers rely on this panic to trick us. Remember that if your bank needs to reach you with important information, they will not use email as their method of contact.
- If you use the internet for banking, payments, etc., always double-check that the website you are using is secure (look for an "s" after the http).
- Be alert when reading links and email addresses. Scammers rely on our busy brains to gloss over fishy (phishy?) links and addresses. Here’s a crash course on reading links.
- Look for red flags in the emails you receive, such as grammatical errors or weird syntax — these are clues that an email is fraudulent.
- Report suspicious emails to the proper authorities. Epsilon provides the following information on the "Consumer Information on Phishing" page of their website:
Forward phishing emails to spam@uce.gov – and to the legitimate company that is being misrepresented in the phishing email. You also may report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
If you've been scammed, visit the Federal Trade Commission's Identity Theft website at ftc.gov/idtheft and file a report with the Federal Trade Commission at www.ftc.gov/complaint.
Of course, effective security software is also critical in defending ourselves against spear phishing.
– Jane Bolton Lacombe
Jane is the Product Marketing Coordinator at Messaging Architects.
Veröffentlichung eines Kommentars
