
October is National Cyber Security Awareness Month. The Financial Cybercrime Task Force of Kentucky wants to inform consumers about the dangers of phishing and spear phishing threats.
Phishing is the attempt to obtain sensitive information (such as username, password, account details, etc.) or install malicious software by pretending to be a trustworthy entity in an email.
Spoofing is when someone masquerades as another using false data (such as a forged email sender address, false Caller ID display number, etc.).
Spear Phishing is a more targeted form of phishing that attempts to get your personal information with more sophisticated spoofing. Not only will it look like it’s from a trustworthy entity, it may also appear to come from a specific individual you know, or it may mention information specific to you and your dealings with the entity.
The Task Force offers the following tips for Kentucky consumers to protect themselves from phishing attacks:
Be suspicious, especially if the message appears to be “urgent” or requests you to “verify” personal or financial information. Common examples are messages claiming your password expired, your account has been suspended/locked or that there have been unauthorized transactions/account charges.
Be cautious about opening attachments or downloading files from emails, regardless of who sent them to you. Ask yourself, “Was I expecting something from this person and do they normally send me attachments/files in this manner?” If you are unsure, contact the sender directly to inquire about the email.
Do not reply or click on links within the message. Hover over the link or email address to check out the actual destination. Retype web addresses directly into the browser window, rather than using the link. For emails, use “forward” rather than “reply” so that you are forced to type in the recipient’s email address rather than use the email the sender provided.
If you are concerned about your account, contact the business by telephone using a number you know to be genuine, not the number suggested in the email.
Delete unwanted emails. Do not ask to be removed from unsolicited emails using the “opt out” feature. Your response only validates your email address, and further spam may follow.
Ensure your browser is up to date and security patches are applied. Use anti-virus software and a firewall.
Be wary of any message that urges you to act immediately or offers something that sounds too good to be true.
Create strong passwords. Combine capital and lowercase letters with numbers and symbols into a password at least eight characters long to ensure that it’s strong.
Use different passwords for different accounts. That way if one account is breached, at least your other accounts should still be safe.
Use strong authentication when available, especially for email and financial accounts. Take advantage of added security if your more sensitive accounts offer a layer of protection beyond just a password, such as a security question or a one-time PIN texted to a mobile device. Visit www.lockdownyourlogin.com for more information on strong authentication.
If you think you have been a victim of cybercrime or fraud, immediately file a complaint with your local authorities. Document the incident and the suspected source.