Friday, February 19, 2010

It's Phishing Season

The "white hat" hackers at Intrepidus, a New York-based information security service provider, recently tested 2400 employees at two of its clients with a "tax refund" scenario phishing email. The clients were a state agency and a small bank. This test got interesting, says Rohyt Belani, CEO of Intrepidus, when an average of 35 percent of the employees clicked on the email to find out what the tax refund email contained.

"That is a big foothold for a hacker," Belani says. "Just imagine that over one-third of your employees (or customers) clicked on a link that could potentially infect their PC and your network."

The good news, says Belani, is that it was only a test. The bad news, unfortunately, is that these kinds of phishing attacks can and do happen to any business or individual consumer.

Here are some other scams for employees and customers to avoid:

Anything Claiming to be from the IRS -- Despite the flood of messages purportedly from the agency, the IRS doesn't discuss tax account matters via email. It also doesn't initiate taxpayer contact via unsolicited email or ask for personal identifying or financial information. Taxpayers do not have to complete a "special form" to obtain a refund.

Social Security Alerts -- Another phony email claims to be from the Social Security Administration (SSA), threatening that if the person doesn't update their account information (on a bogus site) they will not receive a cost-of-living increase. Now, consumers may receive official letters from SSA attempting to verify that their address or bank has changed, or that they have become ineligible for benefits. Such letters are likely to be legitimate if they do not request information. But it's always best to verify communications by calling SSA: (800-772-1213).

FBI Windfalls -- Earlier this month, the Federal Bureau of Investigation warned Hawaii residents to not fall for emails that claimed to be from the bureau. The phishing emails include FBI letterhead, seal and banners with the FBI Director's photos to make them appear genuine. The notes claimed that the recipient had inherited money, or others claimed that the FBI was imposing fines through email -- which isn't done. The FBI says they have received a large number of complaints, leading investigators to believe that hundreds or even thousands of residents received the emails.

Oh, and where do you think the emails originated?

Nigeria.

To look deeper into the world of phishing, visit GovInfo Security.
