To Our Valued Customers:
It’s no secret that we live in a world where cyber-security and data protection issues pose a greater risk than ever before. Creative Services, Inc. (CSI) understands that all companies are potential targets for cyber-attacks, insider threats, or other security issues. Online phishing scams are becoming more sophisticated every day, with hackers impersonating individuals and companies so well that it’s easy to be fooled. Incidents of phishing and impersonation attacks are on the rise, and with that in mind, CSI wants to remind our clients of some important strategies that you can use to ensure that you don’t become a victim.
Not all emails are created equal. Of course, you should always be on alert for a scam. However, you should pay extra attention to “high-risk” messages. Any email asking you to do the following should be considered high-risk:
Even if an email appears to be from someone you know, there are steps you should take if you receive a high-risk email:
1) NEVER REPLY
If you have a question or need to comment on a high-risk email, send a new message instead of replying. If the email you received is fake, and the hacker has spoofed (faked) the email address, they are counting on the fact that you will reply to the message. Simply clicking “new message” and typing in the email address of the recipient will defeat a significant portion of phishing attacks.
2) CHECK THE “FROM” ADDRESS CAREFULLY
A common approach hackers use is to register a look-alike domain. For example, our legitimate domain is creativeservices.com. A hacker might add or change one letter so that, at first glance, the address seems legitimate; only when you look closely do you see that it is not. For example, changing the “a” to another “e” allows for accounting@creetiveservices.com. A’s and E’s look a lot alike when they are right next to each other. This is another example of why drafting a net-new message and not replying to an email, as described above, is always a good strategy.
3) AVOID CLICKING AND/OR VALIDATING LINKS
If you receive a high-risk email asking you to take action in some way, for example, “click here” to change a password or enter sensitive data, you are better served by closing the email, opening a web browser, going to the source’s website, logging in to your account and resetting your password there. In general, you should avoid clicking links, but for those times when you can’t, it is easy enough to validate a link before clicking. To check the validity of a link, just hover your mouse over it without clicking. In MS Outlook (and most email software) a balloon will appear showing you where the link actually goes. If it goes somewhere other than what it says, it is not a safe link to click.
For example, when you hover your mouse over the link:
Do you see how the link shows a site that’s not Creative Services, Inc.? Now you know it is a fake link! It’s that easy!
PRO TIP: If you are not using Outlook and are in a web browser, the link typically shows in the lower left corner of the browser when you hover over it.
4) BE SKEPTICAL
Banks, healthcare, and other financial institutions should never ask you for your password, account number, or other personal information by email. If that’s happening, pick up the phone and call the party in question. Approximately 90% of the cyber-losses that are a product of phishing could be avoided by calling to verify with the source that they do want you to change payment information or reset a password.
PRO TIP: If you decide to call, look the number up online or in your contacts. Do not use the number in the signature of the email you are questioning. Hackers are very slick, and some of them will actually put their own phone number in the email and try to fool you if you call.
5) ALWAYS ENCRYPT SENSITIVE DATA
The world conducts business in email and we understand that. So, if you DO need to send sensitive information by email, encrypt it and then CALL the recipient to provide the password. If you don’t know how to encrypt a document, you can visit our website at www.creativeservices.com/resource-center/safety-first for instructions. Additionally, your internal IT department may already have a preferred method for sending encrypted emails. Please consult them first before sending sensitive information.
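For IT staff who want to automate the checks in steps 2 and 3, the following is an added example, not CSI's own tooling: it flags a “From” domain within a couple of character edits of the legitimate one, and links whose visible text names a different site than the real target. The function names, the two-edit threshold and the sample message body are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "creativeservices.com"  # the legitimate domain named in the letter
# Constructed sample body: only the first link's text and target disagree.
SAMPLE_HTML = ('<a href="http://login.example.net/reset">creativeservices.com/reset</a> '
               '<a href="https://www.creativeservices.com/help">creativeservices.com/help</a>')

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(address, trusted=TRUSTED, max_edits=2):
    """Classify the From address domain as 'trusted', 'look-alike' or 'other'."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain == trusted:
        return "trusted"
    return "look-alike" if edit_distance(domain, trusted) <= max_edits else "other"

class LinkChecker(HTMLParser):
    """Record links whose text names a host the target is not equal to or a subdomain of."""
    def __init__(self):
        super().__init__()
        self.mismatches, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self._href:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", self._text.lower())
            target = (urlparse(self._href).hostname or "").lower()
            if shown and not ("." + target).endswith("." + shown.group(0)):
                self.mismatches.append((self._text.strip(), target))
            self._href = None

def mismatched_links(html):
    """Return (visible text, real host) for every mismatching link in an HTML body."""
    checker = LinkChecker()
    checker.feed(html)
    return checker.mismatches
```

Links whose text is only “click here” name no site and are not flagged by this check, so the hover test described above still applies to them.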
An ounce of prevention is worth a pound of cure, especially when it comes to password management. Below are some tips and recommendations to ensure that your password strategy is effective and does not have holes.
PASSWORD REQUIREMENTS
PASSWORD MANAGEMENT
Hackers love habit. Avoid reusing passwords. For example, if you use your Facebook password for your corporate email account, and Facebook’s credential database is compromised, your email is at risk. Of course, remembering a million passwords isn’t practical. You will have to decide for yourself if you want to trust a password manager, but consider identifying your highest-risk accounts and ensuring they all have unique passwords. The next time there’s a high-profile loss of data online, you’ll be glad you did.
These strategies will help you to stay safe and secure online. Please use all these tactics in your interactions with CSI as well. When it comes to security and the protection of your data, we recommend a “trust no one” approach. Cyber security and personal protection can feel overwhelming at times, but CSI is here to help you if you have any questions or if you would like to be connected to someone who can help you evaluate your own security strategies. Please feel free to call us for assistance anytime at 800-227-0002.
We appreciate your trust and your business. Stay Safe!