With the current situation of everyone working from home, it is more important than ever before that we all understand the possibility and danger of being scammed and phished.
While in isolation, we are all vulnerable to under-communicating with each other and this leaves room for attackers to start targeting users in various organizations for phishing attacks where they will try to convince you to either provide sensitive information over email, click on a link or open an attachment.
Even a well-educated user can be convinced to give up sensitive information to the wrong hands if they do not check with their support team to ensure the mail is legitimate.
The dangers of doing so can lead to Identity theft, loss of personal or corporate data and being blackmailed into paying ransoms starting at R10,000 on the low end.
So with all this in mind, we want you to have the best chances of identifying these kinds of attacks, so we have put together a list of 5 anti-phishing rules to live by.
Asking for passwords in an email.
Never send your password in an email
THE TRAP: You receive an urgent email that appears to be from Microsoft asking you to reply with your password because your account is "compromised" or "over quota" or "suspended due to inactivity".
YOUR DEFENSE: Organizations that care about the protection of your information should never ask you to send bank account numbers, ID Numbers, driver's license numbers, health information, or health insurance information via email. Please turn down requests to send this information in an email.
Be wary of unexpected emails.
Don't click unexpected links
THE TRAP: You receive an unexpected email that claims to be from the "Help Desk", “Support Team” or someone you know. It says it's urgent. You must click a link to prevent problems with your account.
YOUR DEFENSE: Be skeptical of any email that you aren't expecting. Password thieves may insist that immediate action is necessary and may pretend to be your friend or some other trusted entity. Don't let these tactics trick you into letting down your guard. It is very likely a scam.
Be aware of links.
Look out for deceptive links.
THE TRAP: You receive an email telling you to "click here" to verify your account.
YOUR DEFENSE: Hover over the link (don't click!), or for a touchscreen, press and hold the link (don't tap!) to reveal the actual URL. (Look in the bottom left corner of the browser window or the hover Tooltip box in Outlook.) Don't click on a link unless it goes to a URL you trust.
Always look at the actual URL of a page.
Verify "https://login.microsoftonline.com/" before entering your work Credentials
THE TRAP: You are asked to enter your Microsoft or business password on what looks like the standard Microsoft or business authentication page.
YOUR DEFENSE: Always check the actual URL to make sure it starts with "https://login.microsoftonline.com/". Trusted UCB authentication pages will never have anything phishy BEFORE the first single slash. Fraudulent login screens designed to steal your credentials may LOOK authentic if you're not paying attention to the URL.
Good Link Example: https://login.microsoftonline.com/
Bad Link Example: https://login.microsoftonline.webs.com/
Also, check for the Extended Validation Certificate in the address bar. Look for a long green bar with a padlock.
Something's phishy.
Contact Support
THE TRAP: You receive an email that looks like it's an official company or Microsoft email. You are not sure if this is a phishing attempt.
YOUR DEFENSE: Forward the message to your support team. The email can be blocked from your system to prevent others from falling victim to the phishing attack.
We hope these security rules will help you as you work from home.
We've put together an awesome eBook to help you work from home. Get it here.