Phishing scams are very popular and often revolve around products or services that are important to us and widely used. Here is a successful scam that is going around this week: the bad guys are emailing you that your Netflix account has been suspended, and it looks just like the real thing. The email is titled "Netflix: Your suspension notification", and they are trying to get your login information and your credit card data. Don’t fall for this type of scam. If you want to change the settings of subscription services like this, never click on links in an email; just type the name of the site in your browser or use a bookmark that you set.
The good news is that they are not attempting to hack into your email and steal your clients’ closing funds, but it is important to train yourself to spot these scams quickly. Here is a recent post on learning the signs of scam emails.
and always… THINK BEFORE YOU CLICK, please.
A new phishing email is going around with an MS Word attachment offering unique Google search tactics. Do not open the email and, more importantly, do not open the attachment. Even though the Word document has no active content (no VBA macros, embedded Flash objects or PE files, which are often the elements that could flag an attachment as spam), there are several links in the document that trigger scripts located on third-party web servers. Once the attachment is opened, the bad guys will receive information about the software installed on your computer as well as your IP address. This information will be used in the future by the bad guys to deliver more targeted and effective mechanisms for attacks, including ransomware and keylogging. Yet another good reason to secure a Cyber Liability policy as well as improve your agents’ cyber awareness.
So how do hackers get into your email account? One way is to trick you into granting them access. Humans are always the weakest link in any security chain 🙁
Here is an example of how that works, and this one hit close to home… PBI Group received the following email this week in an attempt to phish out our username and password for our email system. The email came from Rackspace (who is our email provider) telling us we hit our email storage quota and to click here to reactivate or our emails will be purged. The email looks real enough, but it was not. After receiving the email, we called Rackspace to inquire about the status of our email service, and they were aware of the fraudulent email and asked us to disregard it. That was a close call.