Some Basic Tips from the Med USA Helpdesk
Helpful tips to keep your data safe
- Do not respond to emails asking for your password. The helpdesk will never ask for your password and this should only be used by you! You should never disclose your password to anyone.
- Only click on links from trusted sources. Never click an unfamiliar link on a webpage. This includes tiny URLs and any link where you can’t tell where it will take you.
- Don’t open unsolicited or unexpected attachments. If you can’t verify an attachment is legitimate please call the helpdesk to help determine if the attachment is safe to open.
- Delete sensitive information whenever you can. Keep it off of your workstation desktop.
- Turn off monitors before you leave the office. By turning off monitors this will help to preserve the life of the monitor.
- Restart your computer at least once a week. By restarting your computer this will help fix common issues from installing recent updates to flushing temporarily memory..
Be Aware of Spear Phishing
No, this has nothing to do with fish, lakes or streams. Spear phishing, also referred to as whaling, is being used to target organizations or businesses to obtain personal information for fraudulent purposes. The scam entails a substantial amount of in-depth research into the target organization structure, specific functioning, and employee information so that the scam can come across as real as possible. Social media is making it a lot easier for the hackers to obtain all the information that they require to pull off a successful scam. Many large breaches that have recently taken place, started with a spear phishing scam via an email. Email is largely used for communication within the organization and thus this is a simple approach for attackers to use. It does not take much effort to fake an email address and the attacker is one step closer to the goal.
The attackers’ aim is to steal company information, credentials and to deploy malware. The scammer sends an email, highly personalized. The email seems to come from a trusted source and the email address used at first glance looks the same as other frequently used ones within the organization but on closer inspection, this is not the case. The scammer’s aim is to entice urgency, often the email will pertain to an urgent matter that requires critical action thus taking priority over everything else. An employee opening the email sees an email sent from a colleague or a trusted source who they regularly deal with, demanding that they take urgent action. This often involves the recipient following a link to a fake website but because they are unsuspecting and nothing has so far appeared out of place the convincing site is the next step in the scam.
To the employee, the site looks and feels authentic and they continue to act on the urgent request by either entering company information and or password or providing financial details. Alternatively, the email may require you to download an attachment which will place malware on your computer that can log activity allowing the scammer to access your company information
What Can You Do to Help Prevent This?
If you receive an urgent email that you are not expecting, requesting you to take urgent action often relating to a customer service complaint or legal issue- take caution.
Take extra care when looking at the senders’ address, it may look similar but not identical or maybe one that you do not recognize.
Look out for incorrect spelling, vocabulary used incorrectly, etc.
Be careful on emails with a link to a website or attachments. Make sure it appears authentic complete with logos and branding.
If you receive an email requesting urgent action, often involving the inputting of company personal information, make payment or download software. Please take action and review with manager and helpdesk.