Article by Tracy Gregorio as appearing in the Virginia Ship Repair Journal
Phishing attempts and other types of malicious email are some of the most dangerous messages received. According to the Anti-Phishing Working Group (APWG), the total number of phishing attacks in 2016 was 1,220,523, a 65% increase over 2015 (February, 2017). Phishing is one of the leading ways employees open businesses to infiltration by cybercriminals. Scammers hope that unsuspecting victims will respond to their urgent-sounding requests by providing sensitive information, such as account passwords, social security numbers, or other identifiable facts. Other malicious correspondence may appear innocent at first, but include downloadable attachments that will infect computers with malware. To identify dangerous messages and safeguard privacy and finances, take the following precautions with email accounts.
1) Use the spam protection filters offered by your email service, and/or
2) Install an internet security program that blocks unwanted email. They will identify most spam for you.
3) Avoid click-bait. Malicious emails often contain links to phishing websites. Unless you’re certain the link is from a trustworthy source, don’t click on it. If you’re uncertain, but think it might be legitimate, manually type the website address into your browser. This will reduce your risk of ending up at an illegitimate website.
4) Beware of anyone asking for a password, bank or credit card information, or a PIN. Emails claiming that your account will be locked or disabled if you don’t enter a password are almost always phishing scams.
5) If it sounds too good to be true, it probably is. No one is willing to pay large sums of money for small tasks on your part. Foreign royalty does not need your help. There is probably not a “miracle cure” for your ailment and “get rich” schemes are rarely credible.
6) If you receive an email that appears to be from a friend or relative, but is requesting personal information or help, contact the person by other means (such as by phone) for confirmation. Do not wire money or provide account information until you have confirmation.
7) Check the source of the email. Scammers often use email addresses that appear legitimate at first glance, but minor differences can reveal their ploy. They may use an incorrect domain name (irs.net instead of irs.gov) or misspell the company name (Verizion instead of Verizon). Other spelling errors or addressing you by something other than your name (Dear Customer or Hello Friend) are also a tip-off that the email is probably fraudulent.
8) Do not open attachments unless you can confirm they’re from a legitimate source. Attachments can contain malware, software intended to damage your computer.
9) Grammar errors and odd sentence structure often point to scammers. (“After sent email, please do this,” for example.)
10) Legitimate sources do not ask for your Username and Password by email, nor do they provide both in the same email message to you. If you forget your username or password, it is common practice for a company to send your username and password recovery information (usually instructions for setting up a new password) separately.
If you have been a victim of internet crime, you can report it to the Federal Bureau of Investigation via the Internet Crime Complaint Center. Unsolicited and spam email can be forwarded to the Federal Trade Commission at firstname.lastname@example.org for investigation.
About the Author
Tracy Gregorio is the President G2 Ops, Inc., a firm specializing in model-based systems engineering, cybersecurity and strategic consulting in support of the Federal Government and commercial organizations. She has served in strategic and leadership positions for Regent University, The Family Channel and U.S. Government. She holds an M.S. in Computer Science from Old Dominion and a B.S. in Computer Science from Virginia Tech.