Unfortunately, it’s a familiar story worth remembering to protect you and your customers.
Despite all the publicity about phishing scams, even employees at a major health provider and university system are guilty of risking personal data.
That includes losing medical information and Social Security numbers for thousands of people to cybercriminals.
The Franciscan Health System warned more than 12,000 of its patients nationwide in March 2014.
What was the warning?
That their personal information may have been shared with computer scammers who accessed staff email accounts.
About 8,000 patients are in the Pacific Northwest.
Similarly, the University of Washington found it necessary to warn its employees.
“The University of Washington has been a target of some high-profile ‘phishing’ attacks recently, and the Office of the UW Chief Information Security Officer is offering some tips to protect personal, financial and institutional information stored on personal computers,” wrote Bob Roseth at www.washington.edu/news in February 2013.
“Phishing is a form of email or Internet fraud in which cybercriminals entice victims to provide personal information, including login credentials, that can be used to gain access to UW or personal systems, bank accounts and other financial assets, as well as other sensitive information,” he explained.
“Phishing messages often include distressing or enticing statements to provoke an immediate reaction, or they may threaten consequences if you fail to respond,” Mr. Roseth added.
Although phishing has been a heavily publicized topic, the university’s warning serves as a reminder not to be complacent.
We can never assume that everyone is cognizant of dangers posed by cybercriminals.
Franciscan and the UW joined a long list of victimized organizations.
To avoid being victimized, here are eight tips:
1. Take great care in sending e-mails
You shouldn’t ever e-mail passwords or other sensitive information. If you’re forwarding an important e-mail with a password-protected attachment, make sure the protection is strong enough that no one else can easily open it.
2. Be strategic if you’re asked to set up security questions and answers
Many questions are easy to answer for cybercriminals if they know anything about you, especially if you are active on social media. People put all kinds of information on their Facebook page.
So don’t answer with information that cybercriminals can easily find; in other words, don’t answer the questions directly. For example, if a question is “What was the name of your high school?” answer with the name of your most disliked subject or most inspirational teacher.
3. Be skeptical when a cybercriminal tries to get your attention
Mr. Roseth was right when he wrote that authors of phishing methods know how to use fear to get your attention. They also use other methods.
4. Take extra precautions when an e-mail that appears to be from a legitimate Web site asks for information
Savvy organizations don’t send such requests for your information. Many illegitimate Web sites are copycats. Look closely at the URLs and check for slight variations in the spelling.
Better still, I always ignore such requests. Instead, I enter the site’s address in the URL and go to the Web site in question, just to be sure.
5. When you receive e-mails asking for information or for you to click on a link, first consider the circumstance
If you don’t recognize the e-mail address, even if it’s supposedly from an acquaintance or your bank, don’t open it. Certainly, don’t click on such links or open attachments.
As this article was being written, I received this cybercrime e-mail:
From: JP Morgan Chase Bank [firstname.lastname@example.org]
Please open the attachment for more information Mr. James Dimon CEO JP Morgan Chase Bank Fax:1-847-496-8147
Note the discrepancy between the alleged bank and the e-mail address: a bona fide bank would not have an ATT.net email address.
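Tips 4 and 5 can be turned into an automated check on the From: line. The following is an added example, not part of the original article: the brand allow-list, the 0.85 similarity threshold and the function names are assumptions, and the sample headers are constructed.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed allow-list for illustration: brand keyword -> domains it legitimately mails from.
BRAND_DOMAINS = {
    "chase": ("chase.com", "jpmorgan.com"),
    "paypal": ("paypal.com",),
}
LOOKALIKE_RATIO = 0.85  # assumed similarity threshold; tune on your own mail

def registered_domain(addr):
    """Last two labels of the sender's host (naive: wrong for suffixes like co.uk)."""
    host = addr.rsplit("@", 1)[-1].lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def lookalike_of(domain, known):
    """Return the known domain that `domain` nearly spells, or None."""
    for good in known:
        if SequenceMatcher(None, domain, good).ratio() >= LOOKALIKE_RATIO:
            return good
    return None

def check_from(header):
    """Return warnings for one From: header value (empty list means nothing flagged)."""
    name, addr = parseaddr(header)
    if "@" not in addr:
        return ["no parseable sender address"]
    domain = registered_domain(addr)
    warnings = []
    for brand, domains in BRAND_DOMAINS.items():
        if domain in domains:
            continue  # sender really is on this brand's list
        near = lookalike_of(domain, domains)
        if near:  # tip 4: slight variation in spelling
            warnings.append(f"{domain} imitates {near}")
        elif brand in name.lower():  # tip 5: claimed sender vs. actual address
            warnings.append(f"name claims {brand} but mail is from {domain}")
    return warnings

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "JP Morgan Chase Bank <sender@att.net>",
    "PayPal Support <service@paypa1.com>",
    "Chase <no-reply@alerts.chase.com>",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_from(s) or "ok")
```

A display name is free text the sender chooses, so the check trusts only the address domain; an empty result means nothing was flagged, not that the message is safe.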
6. Guard against scams from overseas
Usually, such scams have grammatical and spelling errors. They’ve often been translated poorly into English. They also include weird-looking phrasing or out-of-character letters in e-mails to get past spam filters.
7. As Mr. Roseth stated, phishing scams try to get your attention with urgent statements for you to take action
Ignore them. They also pretend to send you important personalized information, but they mistakenly reveal that the same e-mail is being sent to others. Often, they don’t address you by name.
Or, they hack Twitter or Facebook and pretend to send you e-mails from your acquaintances. So check the context of such e-mails – they don’t use the same verbiage as your friends.
8. Take precautions with your smartphones, mobile applications and social media
Watch out for illegitimate apps that want to access your device in order to steal your personal or sensitive information.
Once considered perfectly safe, even Macs have had security issues.
And remember, if you read e-mails carefully and take great care, you’ll minimize any threats.
Be careful about reading the fine print…there’s no way you’re going to like it.