Wednesday, April 23, 2008

Employee security training: How to catch ‘phish’

Do your employees know how to spot phishing when they see it or even know what it is?

Phishing is a popular scam where Internet crooks spam potential victims to gain access to personal financial information. These ‘phishers’ use clever ways to lure unsuspecting victims into handing over credit card information, bank account numbers, passwords and other personal information. It is a criminal activity that can result in identity theft, financial theft or malicious computer viruses.

This type of fraud isn’t limited to sweet old ladies. Recent major scams have gone after the big fish - corporate CEOs.

Earlier this month, scammers sent emails telling CEOs that their company was being sued in federal court and to follow a link that will download the court documents. After downloading malicious software disguised as a special browser plug-in, the criminals gained access to everything on the victim’s computer.

This technique is a new form of “spear phishing” where phony emails are written as if they were coming from within the organization, or from a sender with close ties to the organization, like U.S. federal courts. Many times these emails contain believable information, complete with the victims name, company name and phone number.

How do you keep your company safe?

Make sure to provide thorough employee security training with tips on how to avoid phishing scams and what to do if someone suspects they are a victim.

The federal government created a resource,, to provide the public with information on a variety of Internet scams.

They offer some tips on how not to get ‘hooked’ by a phishing scam:

  • If you receive a message asking for personal or financial information do not reply to the email or click on any links.
  • Some scams involve calling a phone number to update account information. While the phone number may look legitimate, with a correct area code, the number you call will draw you right into the scam.
  • Use anti-virus and anti-spyware software, along with a firewall. Make sure all are updated regularly. Without these tools, there could be software on your computer tracking every move you make and you wouldn’t know it.
  • Never email personal or financial information.
  • Keep a close eye on credit card and bank statements for unauthorized charges.
  • Call your HR department or whoever is responsible for online security and report the email immediately.

1 comment:

macdataadvantage said...

Society has been transformed by tragedies and lawsuits in recent years. Today, we must recognize the personal and economic risks that threaten our lives and income. Trusting people without taking precautions is a recipe for disaster. You can protect yourself, your family, your customers, and your company by performing affordable and simple background checks today. Have a visit to and know more about employee security...

Brought to you by