Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Email Phishing

Posted on October 25, 2017 by Jean Eaton in Blog

Don't get caught on the phish-hook!

Did you know – 1 in 95 emails sent to small and medium sized businesses (SMB) include malware that can include ransomware or other malicious attacks. (source: Symantec)

There are many creative ‘cyber bad guys' who love to trick you into providing your personal information. You need to educate yourself about the kind of scams out there, and take heed to prevent a cyber attack.

Employees are still widely considered to be the weakest link in any security infrastructure,so it’s no surprise that phishing remains so popular and effective. The fact is, good phishing email looks just like regular messages from people we know and care about, and to make matters worse, it can also be difficult to detect.

When it comes to phishing, prevention is the best defense. Investing in employee education and training now can save you a great deal of time and effort further down the line.

Let's look at the most common kinds of cyber assaults:

  • Spam email includes large amounts of unsolicited emails that can annoy you, cause you to waste time, and slow down your internet communications.
  • Phishing emails look like they come from a real company you know and trust. The sole purpose of a phishing email scam is to trick you to go to a fake website that looks real, and enter personal information that gives the attacker access to your data.
  • Spear-phishing is a targeted attack. It looks real because the perpetrators use accurate-sounding information to trick you into providing more of your personal data. The attack may be launched when you open the email or attachment (it looked real, right?), or when you followed an external link. The attackers use malware-compromised systems or credentials to steal data and sell it on the black market.
  • Ransomware is a cyber attack that often uses phishing to access your network. This attack relies on users to make mistakes even if your network has antivirus software installed. The attackers encrypt your computer network (and any backup devices connected to your network) that prevents you from opening any of your computer data. The attackers hold your data ransom until you pay their hostage demands.

Many businesses admit to being attacked. It only takes one person in an organization to open an attack email, and everyone is impacted – possibly by a data breach, definitely by the time and money it takes to contain and report the attack.

It is essential to train your employees to help them identify an attack and prevent a breach.

 

Do you want more tips and resources like these – for FREE?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

NCSAM Champion

#15DayPrivacyChallenge, #CyberAware, cyber secruity, email phishing, Practical Privacy Coach

How to Prevent Phishing Attacks

Posted on January 27, 2017 by Jean Eaton in Blog

“Hello Dear sir/madam, I have received large sum of money to be transferred to your bank account.Please to email me right away with your account information. Many thanks.”

Ever get one of these emails? We're pretty good at recognizing this kind of scam, but cyber criminals are very clever to find new ways to hijack our personal data.

These kinds of attacks are called “social engineering attacks” and they include “phishing”, “spear phishing”, “pharming” and “vishing“. These attacks exploit human tendencies of wanting to be helpful to people in need, trusting those with some form of authority, or even just being curious or greedy.

By claiming to be a system administrator who needs your password to fix your account, or your credit card company needing to verify your credit card number and expiration date, or someone from far away who will give you millions of dollars as soon as you send him some money first….these are all ways to gain unauthorized access to systems or information in order to commit fraud or identity theft.

It only takes one click!

A phishing scam usually involves an e-mail that encourages a user to click on a link, which could then expose the user’s computer to malicious software. The software can then open the doors to unauthorized disclosure of information, loss of information and/or denial of network service.

We have also seen an increase in the number of ransomware attacks where the attacker, once inside the victim’s system, changes the passwords or encrypts the data from the authorized users’ files. The attacker then demands that the owner pay them to return access to the information.

Last year, the Canadian Revenue Agency was forced to delay the tax-filing deadline because its network was exposed to the Heartbleed bug, which essentially allows unauthorized people to access supposedly protected Internet traffic. A computer-science student in London, Ont., is facing several charges for exploiting the vulnerability created by the bug to access sensitive information.  (The Globe and Mail May 14, 2015.)

Don't get caught on the phish-hook! 

There are many creative ‘cyber bad guys' who love to trick you into providing your personal information. You need to educate yourself about the kind of scams out there, and take heed to prevent a cyber attack.

[clickToTweet tweet=”Employees are widely considered to be the weakest link in security infrastructure. Be #PrivacyAware” quote=”Employees are still widely considered to be the weakest link in any security infrastructure, so it’s no surprise that phishing remains so popular and effective. “]

The fact is, good phishing email looks just like regular messages from people we know and care about, and to make matters worse, it can also be difficult to detect.

When it comes to phishing, prevention is the best defense. Investing in employee education and training now can save you a great deal of time and effort further down the line.

How Do You Avoid Being a Victim?

Tip – Be secure, be suspicious, be up-to-date.

Instructions

Digital chores

Click the image to download the pdf

  • Learn more about phishing – The Office of the Privacy Commissioner of Canada has a Top 10 tips to protect your inbox, computer and mobile device.
  • Educate yourself – and your staff and family– about cyber security awareness. Use the ‘The Realist’s Guide to Cybersecurity Awareness’ from Barkly to help you with ideas on how you can create a privacy and security awareness program.
  • Print the poster 5 Ways to Help Employees be Privacy Aware.
  • Use the Family Digital Chores Checklist from ESET-NCSA to remind you to conduct routine digital maintenance at home and at work.
  • Be suspicious of emails from financial institutions or other organizations hat ask you to provide personal information online. Reputable firms never ask for information in this manner.
  • Look closely for clues to fraudulent emails like a lack of personal greetings and spelling or grammatical mistakes.
  • Verify a phone number before calling it – if someone left you a message or sent an email claiming to be from your financial institution, make sure you check that the number is the one printed on the credit card or your bank statement.

 

DPD Champ badge

Celebrate Data Privacy Day with Information Managers!

 

[clickToTweet tweet=”Practical #Privacy tips, tools, and resources! Get it before it's gone. #PrivacyAware” quote=”Concerned about your privacy online? The FREE Data Privacy Day E-course makes it easy for you to enjoy the benefits of the internet while protecting your privacy.”]
It's easy, fun and filled with practical tips, tools, and resources!

Click here: Get it before it's gone.

Follow Data Privacy Day around the world using Twitter and #PrivacyAware.

#PrivacyAware, Data Privacy Day, email phishing, phishing, Practical Privacy Coach, prevent phishing attacks, privacy awareness, security

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

I have used Corridor's Privacy Awareness in Healthcare: Essentials online training program. The course has helped satisfy the training requirements of the Health Information Act. Staff go through the course at their own pace while we monitor to ensure completion.

- Luke Brimmage, Executive Director, Aspen Primary Care Network

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}