Disturbing Advances in Phishing Website Scams

by Scott Spiro on October 27, 2008

Are you sure your employees are not visiting risky sites? Do they know how to identify phishing e-mails and websites? Educate them and keep your business safe from harm.

Folks, it can happen to anyone. About a year ago I received an e-mail that appeared to be sent from eBay. It requested that I reset my password due to a security breach. I was reviewing tons of e-mail and at first glance it looked legit to me. I clicked on the link provided, updated my info and went back to work. A few minutes later I realized: that wasn’t eBay! Why would they want me to change my password? And if they did, why did they need my screen name as well?

Most people have a handful of websites they visit regularly and don’t think twice about clicking on e-mails from those select companies. Beware! Some of these sites may be compromised and phishing e-mails can lead to disaster.

Double check the web address for the site you would like to visit and avoid infection or phishing scams. Simply place the cursor over the link you wish to check, right-click to open the white menu box and choose “Properties”. A box will open containing the information about that link. If you remember the website address or have it saved in your favorites, double check that address against the one shown to ensure it is not a scam.

Don’t click on links provided in e-mails unless you are sure they are safe. Use your “favorites” menu as a place to start from. Then search the site for the particular promotion or offer you had seen in the e-mail.

Phishers are getting smarter, and they now have the ability to provide phishing pages that can steal your information but still log you into the website you intended to visit. Without proper Web Defense systems in place, your employees are effectively unprotected. For example, say you want to log on to your bank’s website and you click on a link provided in an e-mail in order to open the site. If the e-mail is a fraud, the link provided can divert you to a phish page to log in. This is a web page created with the intent to gather your user or other information in order to steal personal data. When you enter your login details they can be automatically stored for the phisher to use again, but you may not even notice a problem. Phishers can now provide a seamless link from the initial login on the fake page to the intended website. CSG’s Web Defense service works at the network perimeter and blocks the phisher’s ability to bring your users back to the dangerous website.

Nothing looked out of place… Phishers can duplicate a wide variety of websites today and some new phishing pages take the login information gathered and log you in for real so you never know the difference. Take the initiative, check links provided in e-mails or just avoid them like the plague. There may be no break in usual login procedures or indication that you have been phished until it’s too late. If you have any questions, we welcome your comments.