ACI Blog
Looking for fresh ideas for your association? Look no further - our blog is a chance for you to pick our brains virtually, see what’s working for our clients, and identify approaches that you might like to adapt.
Looking for fresh ideas for your association? Look no further - our blog is a chance for you to pick our brains virtually, see what’s working for our clients, and identify approaches that you might like to adapt.
We don’t have to live in fear of phishing scams, but we do have to be mindful they are always present and we must be aware.
Phishing is an attack where a scammer calls, texts or emails you, or uses social media to trick you into clicking a malicious link, downloading malware, or sharing sensitive information. Phishing attempts are often generic mass messages, but the message appears to be legitimate and from a trusted source (e.g. from a colleague, bank, courier company, etc.).
New phishing scams are being developed all the time. Without staying on top of these new phishing techniques, you could inadvertently fall prey to one. For IT administrators, ongoing security awareness training and simulated phishing for all users is highly recommended in keeping security top of mind throughout the organization.
It’s fine to click on links when you’re on trusted sites. Clicking on links that appear in random emails and instant messages, however, could be a dangerous move. Hover over links that you are unsure of before clicking on them. Do they lead where they are supposed to lead? A phishing email may claim to be from a legitimate company and when you click the link to the website, it may look exactly like the real website. When in doubt, go directly to the source rather than clicking a potentially dangerous link. But don't reply to the email you've received; send a new one to your contact to verify they actually reached out to you.
Most popular Internet browsers can be customized with anti-phishing toolbars. Such toolbars run quick checks on the sites that you are visiting and compare them to lists of known phishing sites. If you stumble upon a malicious site, the toolbar will alert you about it.
It’s natural to be a little wary about supplying sensitive financial information online. As long as you are on a secure website, however, you shouldn’t run into any trouble. Before submitting any information, make sure the site’s URL begins with “https” and there should be a closed lock icon near the address bar. If you get a message stating a certain website may contain malicious files, do not open the website. Never download files from suspicious emails or websites. Even search engines may show certain links which may lead users to a phishing webpage which offers low cost products. If the user makes purchases at such a website, the credit card details will be accessible by cybercriminals.
If you don’t visit an online account for a while, someone could be having a field day with it. Even if you don’t technically need to, check in with each of your online accounts on a regular basis. Get into the habit of changing your passwords regularly too. In fact, if given the option always upgrade to two step verification.
Security patches are released for popular browsers all the time. They are released in response to the security loopholes that phishers and other hackers inevitably discover and exploit. If you typically ignore messages about updating your browsers, stop doing that. Most browsers have some way of indicating that an update is available - learn what yours does. The minute a web browser update is available, download and install it.
High-quality firewalls act as buffers between you, your computer and outside intruders. You should use two different kinds: a desktop firewall and a network firewall. The first option is a type of software, and the second option is a type of hardware. When used together, they drastically reduce the odds of hackers and phishers infiltrating your computer or your network. Using a two-way desktop firewall - one that blocks incoming malicious requests or websites, and stops unauthorized outgoing traffic - is a good idea of your computer is not behind a corporate network firewall.
Pop-up windows often masquerade as legitimate components of a website. All too often, though, they are phishing attempts. Many popular browsers allow you to block pop-ups; you can allow them on a case-by-case basis. If you encounter a pop-up, don’t click on the “cancel” button; such buttons often lead to phishing sites. Instead, click the small “x” in the upper corner of the window.
As a general rule, you should never share personal or financially sensitive information over the Internet. When in doubt, go visit the main website of the company in question, get their number and give them a call. Most of the phishing emails will direct you to pages where entries for financial or personal information are required. Never send an email with sensitive information to anyone (including credit card payments for events, etc.).
There are plenty of reasons to use antivirus software. Special signatures that are included with antivirus software guard against known technology workarounds and loopholes. Just be sure to keep your software up to date. Firewall protection prevents access to malicious files by blocking the attacks. Antivirus software scans every file which comes through the Internet to your computer. It helps to prevent damage to your system.
The reason such scams continue is because they are successful enough for cybercriminals to make massive profits. Phishing scams have been around practically since the inception of the Internet, and they will not go away any time soon.
Stay mIndful, but don't live in fear. Simply employ safe practices and don't click anything you haven't instigated yourself.