The church had been undergoing renovations and working with a construction company. The church wired out $1.75 million under the belief it was sending the money to the construction company to pay for the renovations. In reality, the payments had been sent to a fraudulent bank account where the money then vanished.

Hackers had broken into the church’s email accounts and tricked its staff into believing the construction company’s wiring details had changed. The staff, after changing the wiring details, wired the money to the hackers instead of the construction company, and poof, $1,750,000 was gone. This scam is called Business Email Compromise (BEC). It’s common and it’s devastating.

Organizations across the world have fallen for this type of attack. Losing millions of dollars is shattering to any type of organization, especially a mid-sized company. This is why it is so fundamental to think before you send.

When you send out any information in an email, you have to understand that you may not be sending it to the person or entity you think you are. Often cybercriminals “spoof” individuals or organizations to trick a user into sharing personal or financial information. They also may attempt to trick a user into downloading an attachment or clicking on a link to infect a machine or network with malware that can lock down files, spy on user activities, or steal information.

Ground zero for all of this digital combat is the email inbox. It’s where you, as a user on a digital network, are most vulnerable. Therefore, it is where you must remain most vigilant. This is where the bad guys will try and work you.

Here are some ways to help you ensure that you will not fall victim to these types of social engineering or spoofing attacks:

Think Before You Send: Before you send any sensitive personal or financial information in an email, you need to ask yourself some important questions. Why is the person requesting this information? Is this information they should have access to? Can I speak to them to verify that they indeed need this information? This is especially true with any financial information. If you are going to share a bank account number, wiring number, credit card number, or Social Security number, you need to make sure you have made the effort to verify that you are indeed sending the information to the correct person, and they actually need this information for a legitimate purpose. This can be done by picking up the phone, sending a text message, using an alternative communications platform, such as Teams or Slack, or walking down the hall and asking. This is a second factor check. It helps you ensure that neither their email nor yours has been compromised, and that the person on the other end of that send button is not a cybercriminal.

Also, if you work with an organization’s banking or financial information, when you are asked to change that information (such as direct deposit or wiring instructions) you must be absolutely certain the request came from a legitimate party. Even our organization often gets spoofed emails asking those in accounting to change the direct deposit information of our employees. If you were to send an employee’s two weeks’ pay not to the rightful employee but to a cybercriminal, well, that makes for a bad day for everyone, except the cybercriminal.

Hang Up the Email: Let’s say you get a phone call randomly from someone claiming to be your bank. This person tells you there is something fishy going on with your account. The caller says he can fix the problem, but first he needs to verify your identity. Therefore, you must share your account number with the caller. Most people understand that in a situation like this you do not share your information. You hang up the phone and call the bank back after locating its legitimate contact number.

This is very similar to an email. If you receive an email asking you to share information, whether that be personal, financial, or account details, do not share the information by directly responding to the email. Instead, hang up the email, as you would the phone, and find an alternative way to communicate with the organization requesting the information. This could be by navigating to the organization’s website or calling them on the phone. This is especially true of passwords. If you receive an email requesting you to change your password, don’t change it via a link in the email. Go to the provider’s website and change it there.

Think Before You Click: Links are one of the most dangerous things in an email. They’re the phishing bait. Email providers have gotten better about recognizing bad links, but it’s not a perfect science, and the bad guys are always evolving. That’s why it is important to take extra caution when you click on a link in an email. Before clicking on a link, hover over the link with your mouse. This allows you to see where the link is taking you. This way you can be sure the link destination is where it is supposed to be. Also, if someone shares a link with you, and it seems off, it very well could be. So, err on the side of caution. Find an alternative way to reach out to that person and ensure they did indeed send you the link.

Think Before You Download: Like email links, email attachments can be bad news. Zip files, Word documents, Excel spreadsheets, these can be loaded with malware. So, when you are downloading any type of attachment, just take a moment to consider if this attachment is something you should be receiving and one you should be opening. When we get busy, that’s when we make mistakes. So, slowing down and taking a breath before completing an action in an email (clicking on a link / downloading an attachment / sending sensitive information) can help to ensure we don’t make mistakes.

Finally, we’re human, and we’re fallible. We are going to screw up. It is important to be honest; if something happens, don’t try and hide it. Being open and reporting incidents can help speed up mitigation. It can save the organization from unnecessary damage. Don’t cover it up. Report it.

Excerpt: The father of a Catholic parish in Ohio recently had to explain to his parishioners how his church had lost $1.75 million. In a letter to his flock, Father Bob Stec explained what had occurred, how overnight, nearly $2 million had disappeared from their coffers. The church had been undergoing renovations and working with a construction company.
The church wired […]

Author: Sarah Burrows