A few things to keep in mind about security at this otherwise festive time of year:
Phishing emails and their telephone and text message counterparts are always more frequent at this time of year and during times of disasters. Hackers/criminals will attempt to get you to either send them money, give them your login credentials, or hand over personal information (and sometimes all three at once!) by emailing you, calling you or texting you. A reminder about how you can tell the bad from the good or the fake from the real:
- If they are asking you to urgently send money, it is fake. Even if the email looks like it is coming from someone you know, assume it is fake. Criminals can “spoof” email addresses to make it look like they are sending the email from someone you know – even a work colleague! If you think it might maybe possibly be real, DO NOT REPLY to the email – just telephone that person or send them a NEW email to verify (again, DO NOT REPLY to the original email)
- If they are in a big hurry, e.g., they tell you that you need to reset your password immediately or you need to log in to your account now to fix something, it is fake. Again, if in doubt, contact whoever it is who contacted you via other means (e.g., telephone them or open a new Internet browser window and check your account from there) but DO NOT REPLY to the original email
- No government agency and no reputable financial institution will email you to tell you to click on a link or download a file – these would be fake
- On the same topic as the third point above, if the sender is asking you to click a link, download a file or anything similar and you did not expect to receive this email from this person, it is fake. Do not click anything you did not expect to receive from that sender – better to just delete it!
Text Messages/Social Media:
- No job offer sent via text is ever legitimate. Just delete that text
- No one gives away free stuff via text messages
- Text messages from strangers or unknown sources should just be deleted
- If you don’t know that Facebook or LinkedIn user with the attractive profile pic who wants to be your friend, just ignore them! There are lots of fake social media profiles out there
- Anyone “calling from Windows” is no one you should talk to. There is no benefit to being rude to them, so just saying “no thank you” and hanging up is the best option
- Anyone calling from your bank or power company can be called back at their publicly available telephone number, especially if they are asking you to provide payment information or account information. You can always just call them back by looking up their phone number (do not take the number they might provide to you), and if they have a problem with that, then they are probably not someone you should be talking to
Finally, beware of anyone asking for money (especially at this time of year) for charity causes that are not from known registered charities and be careful of anyone coming to your house to ask for donations. Also, it is better to not advertise on Facebook that you are going South on vacation – this is peak scam and home invasion season!
Anthony English, Vice President, Mariner Security Solutions PCIP, C|CISO, MCSE, CISSP, CISA, CISM, CGEIT, CRISC, CBCP, CIPP/C, ISO 27001 Master, CTT+, A+, HiTrust Certified CSF Practitioner, ISO27033 Lead Cybersecurity Manager
Anthony is one of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance. He sits on the Standards Council of Canada (SCC) IT Security Techniques committee (MC/ISO/IEC/JTC 1/SC 27), the Disaster Recovery Institute Canada (DRIC) Certification Committee, the Cloud Security Alliance committee on the security of health care data in the cloud, and is an Exam Development Volunteer for ISC2. Anthony has worked in utilities, law enforcement, consulting, education, health care, lottery and gaming, auditing and the financial sector.