Email phishing and malware scams continue to grow at a rapid pace, with 143 MILLION new examples of malware in 2014. Hackers are growing more sophisticated, and their attacks are sometimes very difficult to distinguish from 'normal' emails. The stakes are high, and we are all responsible for keeping malware out of the credit union. Here are a few important rules that can make a difference in keeping the hackers out:
- First Rule of Thumb: "When in doubt, throw it out!" If you doubt the validity of an incoming email, stick to your first instinct and don't act on it. Don't reply, click any links, or open any attachments.
- If you don't recognize the sender, don't act on the email.
- If you aren't expecting an email from the sender, don't act on it without verifying that it's legitimate first.
- Legitimate senders don't mind if you verify the email came from them. Hackers often fake the reply-to address or contact phone number in their email, so if you want to verify that it's legitimate, look up your contact's (or the company's) phone number yourself and call that number.
Cyber gangs are using modern software development techniques, and have even started 'beta testing' their attacks. English-speaking countries like Australia and the U.K. are used to test and fine-tune malware campaigns before they are unleashed against the U.S. For example:
A major malware phishing campaign, citing news about ISIS attacks, recently hit Australia. In the near future you may see similar email phishing campaigns, where the email tells recipients to open an attached document to read a detailed news story about supposed ISIS attacks or threats. The claims in the email are bogus, and the links and/or attached documents are infected with malware. You may get scam emails at your house or in the office claiming 'breaking news' of ISIS attacks. Tricky... BUT, since you didn't expect the email or verify its source, and you're dedicated to keeping the hackers out, remember: do not open such emails, do not click links, do not open attachments, and delete these emails. "When in doubt, throw it out!"
Your awareness is our BEST defense against hackers.