All across the supply chain, wood flooring professionals are quickly deploying various technologies to better serve their customers and manage their businesses more efficiently. These different kinds of technologies, however, do come with a variety of risks and require strategies to protect them. You wouldn’t leave your vehicle unlocked containing equipment and product essential to your livelihood; similarly, you shouldn’t let your guard down when it comes to cybersecurity.
Email is one of the primary ways we communicate. Since so many people around the world depend on this technology, it has become one of the primary attack methods used by cybercriminals. This attack method is called phishing. Phishing uses email to try and fool you into taking an action such as clicking on a malicious link, sharing your password, or opening an infected email attachment. Attackers work hard to make these messages convincing and tap into emotional triggers. They can make it look like the email came from someone you know, such as a friend or co-worker, or even a trusted company.
In most cases, simply opening and reading the email will not cause any harm. For a phishing attack to work, the sender needs to trick you into taking action.
The good news is there are clues that a message is likely a phishing attempt, here are some common ones:
- The message conveys a sense of urgency and demands immediate action before something terrible happens, like threatening to close your bank account or issuing a warrant for your arrest.
- The message attempts to pique your curiosity or presents an offer that is too good to be true. (Sorry, that small fortune a prince from a foreign land is trying to bestow upon you is not legit.)
- The message contains a request for highly sensitive information, such as your credit card number, password, or any other information that a legitimate sender should already know.
- The message says it comes from an official organization, but has poor grammar or spelling or uses a personal email address like @gmail.com.
- The message appears to come from an official email (such as your boss) but has a reply-to address going to someone’s personal email account.
- You receive a message from someone you know, but the tone or wording does not sound like him or her.
Here are some tips from the National Cyber Security Alliance to avoid becoming a victim:
- Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in an email.
- Before sending or entering sensitive information online, double-check the security of the website. Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the individual or company directly. Contact the company using the information provided on an account statement, not the information contained in the email.
- Keep a clean machine. Keep all software on internet connected devices – including PCs, smartphones, and tablets – up to date to reduce the risk of infection from malware.
Don’t Get Smished
Your smartphone contains essential information about you and your friends and family, including contact numbers, photos, and locations, which makes it a prime target. Smishing, a mashup of SMS (short message service) and phishing, is similar to phishing, but is conveyed through an SMS message.
In a smishing attempt, the scammer sends out a bulk text message with a claim like, “You’ve been selected to win a $1,000 shopping spree. Be one of the first 100 visitors to this webpage to claim your prize.” Again, the tactics are aimed at getting a fast response and collecting as much information as possible. Smishing is particularly scary because people tend to be more inclined to trust a text message than an email.
In general, be suspect of text messages from people you don’t know. This is especially true when the SMS comes from a phone number that doesn’t look like a phone number, such as “5000.” This is a sign that the text message is just an email sent to a phone. Don’t click on links you get on your phone unless you know the person they’re coming from. Even if you get a text message with a link from a friend, consider verifying they meant to send the link before clicking on it.
If you have any doubt about the safety of a text message, don’t open it. Things you can do to avoid being a victim of a smishing attempt include:
- Never click links, reply to text messages, or call numbers you don’t recognize.
- Do not respond, even if the message requests that you “text STOP” to end messages.
- Delete all suspicious texts, then block the sender.
- Make sure your smart device and security apps are updated to the latest version.
- Consider installing anti-malware software on your device for added security.
In addition to the above suggestions, be sure to secure all of your devices by using strong passphrases, passcodes, or other features such as touch identification or face id to lock your devices. Securing your device can help protect your information if your device is lost or stolen, and keep prying eyes out.
Also, remember that many public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.
Your first reaction may be to assume that your business is too small to be a target, but the truth is, no matter how large or small your company is, there is always risk. The National Cyber Security Alliance website, staysafeonline.org/ business-safe-online, contains a variety of helpful resources on these and other topics. With just a little bit of common sense and caution, you can make sure that you don’t become a victim of identity theft.
SOURCES: staysafeonline.org | sans.org/security-resources