The time of the year where we use the word '
jolly' more than any other time of the year is upon us. It is a most wonderful time of the year for sure.
It is also the time when we are shopping! And increasingly we are shopping online. We all like get the boxes at the front door!
I don't like sending messages like this one. They make me feel a lot less jolly and more like a grinch.
When we are shopping online, we are giving different organizations a fair amount of our personal information. Therefore we should all take steps keep our usernames and strong passwords secure. Here are some tips how to do that:
Tips for Secure Online Shopping.
In summary this article tells us:
- Don't shop at a site if you're not comfortable
- Never click on links from spam emails to make purchases
- Check the web address to make sure you are on the correct site
- Check that the site is secure
- Use a credit card or an online payment service
- Do not use a public computer to shop online
- Only use a secure connection when you place your order
- Use strong passwords
You may also see more email activity afterwards from various companies. Be on the lookout for phishing schemes. Here is some good advice on how to avoid being phish fried: Avoid Phishing Fraud.
Maybe to help us sort through this a bit further, John Nunnally provided an analysis of how to deal with a real example that was recently received by people at Harding.'
Please take some time to take a look at this example.
_____________________________________________________________
No links! It Must Be Safe…. Wrong.
Phishing Scheme – Analysis, Case 1: Remittance Advice
Here is a message recently received by a person at Harding:
At first glance this looks legitimate. But looking closer:
Do we know anyone named Charlotte Allison? That would be the first question. If not, we should go no further until we check.
Look at the from address: charlotteanderson@wellsfargo.com. Have you been doing any business with Wells Fargo? Instead of that stopping us, we have a tendency to open the attachment to see why in the world Wells Fargo would be sending us something. BAD IDEA! That is exactly the reaction the scammers want you to have.
If you simply hover your mouse pointer over the attachment without clicking, you can see that it is named “Secure Remittance.htm”. HTM files are executable web programs. So if you click on this attachment you would most likely be connected to some bogus web site to do you harm. Another red flag.
And then we should think about this email from the opposite point of view:
This email is so very generic. It could be sent to anyone. There is nothing that specifically references you as the recipient. It doesn’t even identify the “Intermediary Bank” supposedly involved in this transaction. (it would be most unusual that people at Harding would send an email that said something generic such as ‘Dear User’)
Surely a message like this would at least provide a phone number to call in case you have questions. In fact, it encourages you to contact Charlotte Anderson and then provides you with no contact information except replying to the email.
This scam even warns you in advance that by clicking on the attachment “You will be required to download and authenticate your email client” – So you are warned that you will be installing software on your computer and probably be expected to give away your username and password! All scams should be so forthright!
So the only safe thing to do with this email -- delete it.
___________________________________________________________________
Even with all this seemingly dire information, all of us in IS&T want to wish you a jolly Christmas and holiday.
