“Hello Dear sir/madam, I have received large sum of money to be transferred to your bank account. Please to email me right away with your account information. Many thanks.”
Ever get one of these emails? We're pretty good at recognizing this kind of scam, but cyber criminals are getting very clever at devising ways to hijack our personal data.
These kinds of attacks are called “social engineering attacks” and they include “phishing“, “spear phishing“, “pharming” and “vishing“. These attacks exploit human tendencies of wanting to be helpful to people in need, trusting those with some form of authority, or even just being curious or greedy.
Illustration from the Privacy Commissioner of Canada, www.priv.gc.ca
Phishing awareness training is needed at all levels of your business – even CEO's have been caught by phishing scams. By claiming to be a system administrator who needs your password to fix your account, or your credit card company needing to verify your credit card number and expiration date, or someone from far away who will give you millions of dollars as soon as you send him some money first….these are all ways to gain unauthorized access to systems or information in order to commit fraud or identity theft.
4 Tips to Avoid Being a Victim
- Install a firewall and anti-virus software on your computer.
- Be suspicious of emails from financials institutions or other organizations that ask you to provide personal information online. Reputable firms never ask for information in this manner.
- Look closely for clues to fraudulent emails like a lack of personal greetings and spelling or grammatical mistakes.
- Verify a phone number before calling it – if someone left you a message or sent an email claiming to be from your financial institution, make sure you check that the number is the one printed on the credit card or your bank statement.
Celebrate Data Privacy Day with Information Managers!
Follow Data Privacy Day around the world using Twitter and #DPD15.
We are proud to be a Data Privacy Day Champ!
