Durango Chamber of Commerce | Durango, CO

How to Guard Against Spear Phishing Attacks

1/10/2019

  1. Check the “from” email: When you receive an email that looks like it’s from a person you know, always check the email address next to the name of the sender to verify that it’s correct. Email addresses can sometimes be spoofed, so to double check, click “reply” to see what email appears in the “To” field. Do not actually reply to the email.
  2. Use your knowledge of the person: If you receive an email that looks like it’s from someone you know, check it carefully to see if it matches what you know about the person. Does the phrasing, tone, or language seem strange or uncharacteristic? Do they use a name, greeting, or sign-off other than the one you’re used to seeing? Do they have the right signature file or graphic at the end of the email?
  3. Check for misspellings and awkward phrasing: In the iTunes email scam above, the phisher wanted to “advise the quantity and domination to procure.” Uh, you mean “denomination”? As the conversation continued, the scammer stopped using any sort of punctuation or sentence spacing, just long strings of run-together phrases. Of course there’s always a chance your colleague doesn’t know how to spell or write, but it’s still worth checking—phishing emails are notorious for being poorly written.
  4. Be suspicious: The X-Files had it right: Trust no one. If you have the slightest suspicion about the origin of an email you receive, call the person independently to confirm that they sent it, and never do anything involving money, business operations, or revealing sensitive information without verifying, in person if possible, that the person who appears to be emailing you actually wants you to perform the requested task. So many spear phishing attacks could be foiled by simply popping your head into someone’s office and saying, “Hey, do you really want me to do this?”
  5. Conduct security training: Cyber criminals are always looking for new ways to defraud people, and it can be difficult to keep track of all the warning signs you should be looking for. In addition, working in a busy office naturally makes people more susceptible to scams, because when you’re focused on trying to get things done, you tend to let down your guard. Companies like KnowBe4 and Cofense (formerly PhishMe) can hold security awareness training for your employees and can even set up automated fake phishing emails you can send to employees to increase their security awareness.

Here are a few real-life attacks we’ve seen recently, and how we knew they were phishing:

The attack: An employee in the payroll department received an email from “Mike,” another employee, saying he wanted to change his direct deposit information.

The giveaway: While the phishing email had the full name of the employee correct, the “from” email was wrong, and the person signed the email “Michael” when the actual employee only goes by “Mike.”


The attack: An employee received an email that appeared to be from his boss asking, “Are you available for a quick task?” We’ve seen these before, and because they do not ask for or refer to any sensitive or financial information, people tend to engage with the sender, which then leads to the scam.

The giveaway: When the email recipient responded, he received strangely worded instructions to obtain 10 $100 iTunes gift cards. The scammer asked the employee to scratch off the silver portion to reveal the PINs and send a picture of all the codes. If the red flags weren’t up before, that sent them all the way up the pole. However, when the employee asked what client they were for, the scammer provided the name of an actual client of the company.
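The sender checks from tip 1 and the payroll example (a correct name paired with the wrong “from” address, or a reply that would go somewhere else) can be partly automated. The Python sketch below is an added example, not part of the original post; the directory, addresses and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of known colleagues: display name -> real address.
KNOWN_SENDERS = {
    "mike example": "mike@corp.example",
    "dana boss": "dana@corp.example",
}

def check_sender(raw_message, directory=KNOWN_SENDERS):
    """Return warnings for the sender-spoofing signs described in tip 1."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_addr, reply_addr = from_addr.lower(), reply_addr.lower()
    warnings = []

    # The display name is a known colleague, but the address is not theirs.
    expected = directory.get(name.strip().lower())
    if expected and from_addr != expected:
        warnings.append(f"'{name}' normally sends from {expected}, not {from_addr}")

    # Clicking "reply" would address a different mailbox than the sender shown.
    if reply_addr and reply_addr != from_addr:
        warnings.append(f"replies go to {reply_addr}, not {from_addr}")

    # The address does not belong to anyone in the directory.
    if from_addr not in directory.values():
        warnings.append(f"{from_addr} is not a known address")
    return warnings

# Constructed sample messages (not real mail).
LEGIT = "From: Mike Example <mike@corp.example>\nSubject: Lunch\n\nSee you at noon.\n"
WRONG_FROM = ("From: Mike Example <mike@corp-payroll.example>\n"
              "Subject: Direct deposit change\n\nPlease update my account.\nMichael\n")
REPLY_REDIRECT = ("From: Dana Boss <dana@corp.example>\n"
                  "Reply-To: dana.boss@freemail.example\n"
                  "Subject: Quick task\n\nAre you available for a quick task?\n")

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("wrong from", WRONG_FROM),
                       ("reply redirect", REPLY_REDIRECT)]:
        print(label, check_sender(raw))
```

A clean result only means these header checks passed; the habits in tips 2 through 4 still apply, since a compromised mailbox sends from the correct address.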
 

    The Durango Chamber of Commerce

    The Durango Chamber of Commerce is a membership-based organization that promotes and supports the local business community through communication, advocacy, education, leadership and financial viability.
