Phish Bait

Three Tips To Help Keep You From A Hacker’s Hook

We all know to watch for suspicious emails. But phishing emails are becoming increasingly sophisticated, tricking even the savviest among us. Here are three tips to avoid falling for the latest tricks.

1. Check the Source

Before you open that email, take a moment to consider the source of the email and whether that person is likely to send you an attachment or link. Did the email come from someone with whom you regularly communicate? Check the email address, screen name, or phone number associated with the message. Hackers often mimic an address that you would trust, with one letter or number changed in the name or domain.

For example, john_smith@company.com looks a lot like john_sm1th@company.co, but the subtle difference dictates whether you are receiving a business email or a malicious fake.

The address may even look exactly like a trusted contact, but when you mouse over the name, you can see that the address is different. A hacked email account can also be used to send malicious content, so be sure to evaluate the content of the message.
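The lookalike and display-name checks described above can be automated against a list of known contacts. The following Python is an added example, not part of the original article; the function names, the digit-swap table, the distance threshold of 2 and the two `.example` addresses are assumptions made for illustration.

```python
from email.utils import parseaddr

# Digit-for-letter swaps often seen in lookalike addresses (assumed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s"})

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str, trusted: dict[str, str]) -> str:
    """Classify a From header against trusted contacts {address: display name}.

    Returns 'trusted', 'lookalike', 'name-mismatch' or 'unknown'.
    """
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in trusted:
        return "trusted"
    for good in trusted:
        # Compare raw and digit-normalised forms so 'sm1th' lines up with 'smith'.
        close = min(edit_distance(addr, good),
                    edit_distance(addr.translate(SWAPS), good.translate(SWAPS)))
        if close <= 2:  # assumed threshold: at most two characters off
            return "lookalike"
    # A trusted contact's display name on an address that is not theirs.
    if name and name.lower() in {n.lower() for n in trusted.values()}:
        return "name-mismatch"
    return "unknown"

# Constructed sample data, reusing the addresses from the example above.
TRUSTED = {"john_smith@company.com": "John Smith"}
SAMPLES = [
    "John Smith <john_smith@company.com>",
    "John Smith <john_sm1th@company.co>",
    "John Smith <js8841@mailbox.example>",
    "Billing <invoices@vendor.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header, TRUSTED):14} {header}")
```

A "trusted" result only means the address matches a known contact; a hacked account passes this check, so the content of the message still has to be evaluated.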

2. Check the Content

Before you click on a link or download an attachment, take a look at it. Many times, if you copy the link or name of the attachment into a search engine, you can find out whether or not it is actively being used to spread malicious content (a virus, ransomware, etc.).

Ask yourself whether this is the type of content you usually receive from the sender. Are you expecting an attachment from the sender? Is the attachment or link the only content of the email? If you have the slightest doubt, either delete the message or give the sender a call. The amount of time used to verify the content is relatively short when compared to the time and expense incurred remediating a cyber-attack or data breach.

Hackers often make an urgent request to trick us into clicking on malicious links or files. Any urgent request sent via email should be verified in person.

3. What if I Clicked on the Wrong Thing?

Everyone makes mistakes, and you wouldn’t be the first person to click on a bad link or download a bad file. Even if nothing happens immediately, there is no guarantee that the threat is gone. Malware can lie dormant for weeks, months, or even years before activation. It may also be transmitting information in the background without your knowledge.

So, take action as soon as you realize you clicked on a bad link or file. Alert your information technology security department right away. If you are a smaller operation, run a virus scan and keep an eye on your financial information.


© 2018 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved. This article is intended for information purposes only. All recommendations are general guidelines and are not intended to be exhaustive or complete, nor are they designed to replace information or instructions from the manufacturer of your equipment. Contact your equipment service representative or manufacturer with specific questions.

Monique Ferraro

Monique is counsel in Munich Re’s US Cyber Practice at HSB. Previously, she was principal at a digital forensics, e-discovery and information security consulting firm and owner of a law firm. Ms. Ferraro is a Certified Information Systems Security Professional.
