Skip to main content

Frequently Asked Questions - Phishing

Aisera Demo
  • Updated

What is Phishing?

Phishing is a type of attack carried out in order to steal usernames, passwords, credit card information, Social Security Numbers, and other sensitive data by masquerading as a trustworthy entity. Phishing is most often seen in the form of malicious emails pretending to be from credible sources such as Acme technology departments or financial organizations related to the company. By tricking employees into giving away their information, attackers can:

  • Steal money from victims (modify direct deposit information, drain bank accounts)
  • Perform identity theft (run up charges on credit cards, open new accounts)
  • Send spam from compromised email accounts
  • Use your credentials to access other corporate systems, attack other systems, steal confidential Acme data, and jeopardize the mission of the company

The goal of most Phishing emails is to trick you into visiting a web site in order to steal your Acme credentials. Attackers will set up web sites under their control that look and feel like legitimate web sites. Often the Phishing emails will have an immediate call to action that demands you to "update your account information" or "login to confirm ownership of your account". If you enter your Acme credentials into these illegitimate web sites you are actually sending your Acme username and password directly to the attackers.

What can I do to avoid Phishing attacks?

Review these 5 essential tips to avoid being "Phished":
  1. Passwords in Email = Epic Fail. Never send your passwords in an email!
  2. If you didn't expect it, reject it. Don't click unexpected links!
  3. Check for Trash Before the Slash. Verify the URL in your browser bar before entering Acme credentials!
  4. Is it a Phish? Drop us a line. 
Additionally:
  • If you are worried about an account, call the organization which maintains it (like your bank)
  • Check the email address—does it really match the text of the email? Does it match the legitimate email of the organization it is supposed to be tied to?
  • Check the security certificate of any website into which you are entering sensitive data. They should usually begin with https:// Some browsers will display padlock symbols in the address and status bars. Anything on a website saying it is safe can be falsified and is not verified by the browser you are using, and so shouldn’t be trusted
  • Keep your software current

How can I identify a Phishing scam?

The first rule to remember is to never give out any personal information in an email.  No institution, bank or otherwise, will ever ask for this information via email.  It may not always be easy to tell whether an email or website is legitimate and phishing emails are using social engineering tactics to make create sophisticated scams.
  • In the body of an email, you might see questions asking you to “verify” or “update your account” or “failure to update your records will result in account suspension.” It is usually safe to assume that no credible organization to which you have provided your information will ever ask you to re-enter it, so do not fall for this trap.
  • Any email that asks for your personal or sensitive information should be seriously scoured and not trusted. Even if the email has official logos or text or even links to a legitimate website, it could easily be fraudulent. Never give out your personal information.

Why is understanding the risk of Phishing important?

Phishing attacks are an ongoing threat to the company and are becoming increasingly sophisticated. Successful Phishing attacks can cause financial loss for victims and put their personal information at risk. 

Who do I contact if I think my Acme credentials were compromised?

If you believe your Acme credentials have been compromised, you must reset your Acme passphrase immediately. If you have any questions, email esg@acme.com(link sends e-mail) or call (510) 643-6839

What if my personal email account, bank account, or other accounts were compromised?

  • Immediately change your passwords for any potentially compromised accounts
  • Contact your bank or financial advisor to let them know your accounts may be compromised and ask them to put a fraud alert on your accounts
  • Check your bank and financial statements and credit reports to regularly identify any false charges or suspicious activity
  • If you believe you are a victim of identity theft, please see the Federal Trade Commission's Immediate Steps to Repair Identity Theft(link is external).

How do I report a Phishing or suspicious email?

If you receive an email you are not sure about, forward the suspicious email - don't reply - to consult@acme.com(link sends e-mail) or call the ESG Service Desk at 510-664-9000. The email can be blocked from the corporate system to prevent others from falling victim to the Phishing attack.

Do I only need to worry about Phishing attacks via email?

No.  Phishing attacks can also occur through phone calls, texts, instant messaging, or malware on your computer which can track how you use your computer and send valuable information to identity thieves. It is important to be vigilant at all times and remain suspicious of sources that ask for your credentials and other personal information.

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk