phishing

We’re all getting emails these days from hackers seeking to install malware on our computers and then steal our data. Phishing and spear phishing schemes start with innocent-looking email messages, but when an unsuspecting user clicks a link, the result can be a risk management nightmare.

One of the easiest ways to check a link is to hover over it – but do not click it! – with your cursor. The web site address of the link will pop up, and you can see whether the actual address that pops up matches the text of the link in the email.

For example, let’s say you’re a customer of Acme Bank, and you get an email purporting to be from them asking you to click a link labeled “Update your login credentials” in the email. When you hover over the link, however, the web site address that appears is not Acme Bank at all, but something more like “iwill_steal-yourmoney.co.” In addition to deleting the message pronto, you should also alert other members of your organization so they don’t fall for the trick either.

Sometimes, you’ll run across a web site address that might seem legit, but you just don’t know. The answer won’t be as obvious as in the previous scenario. Maybe a friend or coworker told you about a site, or you found it on a search engine. Here at INSUREtrust, we recently ran across this situation with the real site of a real insurance organization. When we tried to go to the site, an ominous red screen appeared that warned that if we continued, we might encounter malware. We definitely did not click to continue to the site!

Instead, we researched the site with these online tools:

https://sitecheck.sucuri.net
https://www.webinspector.com
http://www.isithacked.com

Turns out, the web site had been blacklisted by all three tools for potential malware issues. We called the organization to inform them of the problem, of which they were unaware. We’re glad we could help them, but we won’t be going to that web site until the issues are cleared up!

Remember, there are all sorts of evil plots out there to steal your data. You need to be ever-vigilant. Doing a simple web check on links in emails – and other easy steps like this – will help. But there is a lot more to this whole IT security puzzle. If you’d like to learn more, just email us for a copy of our “IT Security Policy Guide.”