Tag Archives: personal information

Privacy Basics: Phishing. How Not To Be the Bait

Phishing is a deceptive method in which a criminal sends an email or text that mimics or claims to be from a trusted source (such as a bank, or the Internal Revenue Service, or the Better Business Bureau, or the Federal Trade Commission) in an attempt to steal personal and financial information from you – such as a social security number, credit card number, account number or password.

This scheme only works if the perpetrator convinces you to go from the email or text to a bogus website.  Below are some tips on how to spot a phishing email.  Once you spot it, delete it.

  • You’ve Got (an Unexpected) Email!  Let common sense be your guide. Legitimate companies don’t ask for personal information via email or text.
  • Act Now!  Online scammers prey on vulnerabilities. One trick is to create a sense of urgency by convincing you that something bad has happened (or will happen) and you need to act quickly or there will be dire consequences. For example, they might threaten to close your account or take other action against you if you don’t act quickly.
  • “Dear Account Holder.”  Most phishing emails have generic salutations like “Dear Account Holder” or “Our Valued Customer” or “Dear Client” or “Greetings yourname@yourbusinessaddress.net”.
  • Phishing Expeditions Request Your Personal Information.  Remember, the aim of a phishing expedition is to get you to surrender your personal information. Be especially suspicious if you are asked to update your information; that’s a very common ploy.
  • Link is Forged. Don’t be duped by a web link that appears to be legitimate just because you may recognize some part of the business name in it. That doesn’t mean it links to an official website. One trick to ferret this out is to hover your cursor over the link and see if the address it reveals matches the sender’s email address.  If not, that’s your answer.
  • “S” stands for “Secure.”  Only provide personal or financial information through a website if you have personally typed in the web address directly into the browser yourself, and the site appears to be secure.  Tip:  Websites that are safe start with “https:” – where the “s” stands for secure. If you don’t see “https:” it’s probably not a legitimate website.
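
The checks from the list above, written as an added Python example (it is not part of the original post): it flags the quoted generic salutations, urgency wording, links whose host is not the sender's domain, and links that are not https. The function name, the urgency phrases and the sample message are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Salutations quoted in the list above; urgency phrases are constructed samples.
GENERIC_SALUTATIONS = ("dear account holder", "our valued customer", "dear client")
URGENCY_PHRASES = ("act now", "will be closed", "within 24 hours")

class _Collector(HTMLParser):
    """Collects every <a href> target and the visible text of the message."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.text = [], []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

    def handle_data(self, data):
        self.text.append(data)

def phishing_indicators(sender, html_body):
    """Return the warning signs found in one message (hypothetical helper)."""
    parser = _Collector()
    parser.feed(html_body)
    text = " ".join(" ".join(parser.text).split()).lower()
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    found = []
    if any(s in text for s in GENERIC_SALUTATIONS):
        found.append("generic salutation")
    if any(p in text for p in URGENCY_PHRASES):
        found.append("urgency")
    for href in parser.hrefs:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        # The link must point at the sender's domain or one of its subdomains.
        if host != sender_domain and not host.endswith("." + sender_domain):
            found.append(f"link host mismatch: {host}")
        if url.scheme != "https":
            found.append(f"not https: {href}")
    return found

# Constructed sample message; example.com and example.net are reserved test domains.
SAMPLE = """<p>Dear Account Holder,</p>
<p>Your account will be closed unless you update your information.</p>
<p><a href="http://example.com.login.example.net/update">www.example.com</a></p>"""

if __name__ == "__main__":
    for finding in phishing_indicators("service@example.com", SAMPLE):
        print("-", finding)
```

The sample link shows the business name in its visible text and at the start of its host, yet the host belongs to a different domain than the sender, which is the mismatch the hover check is meant to reveal.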

Spear phishing is a more sophisticated form of phishing.  In the case of spear phishing, the presumed sender of the email is an individual within your company, and it’s generally someone with authority like a “System Specialist” or “Network Administrator.”  Spear phishers target sensitive confidential information of the company. Frequently, the email or text will ask you either to log in to a bogus web page that requires the employee’s user name and password, or to click on a link (that will initiate the download of spyware or malware on your computer or the company’s network).

  • Tip:  If you don’t recognize or have doubts about the identity of the email sender, you should look them up in your company’s directory or contact your supervisor.

Takeaways

  • Once you’ve spotted a phishing message, delete it.
  • If you accidentally click on the phishing link and a program downloads on your computer or network, contact your tech support department right away.
  • Add signature blocks to your emails so that you’re easily identifiable as a company employee. Include name, title and phone number so you can be contacted directly.

 

Nolo’s Privacy Matters Blog Premieres!

Welcome to Privacy Matters, a Nolo blog devoted to information privacy and data security issues as they relate to small businesses and consumers.  Information privacy covers the rules that apply to the gathering and handling of “personal information” — in other words information that can be traced to a particular individual, like geolocation information, credit information, or health records. 

Privacy law varies by industry, state, country, transaction and customer and is complicated.  Through blog posts and an ongoing series of Nolo primer articles, I hope to provide general, useful information about fundamental privacy principles and best practices that Internet, technology and bricks and mortar businesses need to be aware of, as this area of law can be a field of landmines for the unknowing.

Class action lawsuits and Federal Trade Commission enforcement actions against tech titans like Facebook and Google, and high-profile data breaches jeopardizing the private data of millions of individuals and tarnishing the reputations of scores of companies like Sony, Heartland Payment Systems and RSA Security, have thrust privacy onto the front pages.  It’s important for small business owners to recognize that the same rules that have gotten large companies into trouble apply to small businesses as well.  When it comes to privacy, an ounce of prevention is, in fact, worth a pound of cure.