What a sad state of affairs. Not only do businesses in South East Texas have to worry about hurricanes storming up from the Gulf of Mexico, now we have to worry about hurricane-related scams!
Now that the 2019 hurricane season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) warns businesses to remain vigilant for malicious cyber activity targeting disaster victims and potential donors.
Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites.
Make Sure That Your Employees Exercise Caution
They should be wary about any email with a hurricane-related subject line, attachments, or hyperlinks.
In addition, watch for social media pleas, texts, or door-to-door solicitations relating to severe weather events that may be posing as legitimate requests.
Avoid Becoming A Victim
To avoid becoming victims of malicious activity, you and your employees should review the following CISA resources and take preventative measures by:
- Staying Alert to Disaster-related Scams
- Being Cautious Before Giving to a Charity
- Staying Safe on Social Networking Sites
- Avoiding Social Engineering and Phishing Attacks
According to Consumer Reports, The Department of Justice’s Center For Disaster Fraud has also issued guidelines to help those interested in avoiding scammers:
- Don’t respond to any unsolicited (spam) incoming emails, including clicking links contained within those messages, because they may contain computer viruses.
- Be skeptical of individuals representing themselves as members of charitable organizations or officials asking for donations via email or social networking sites.
- Beware of organizations with copycat names that are similar to but not exactly the same as those of reputable charities.
- Be cautious of emails that claim to show pictures of the disaster areas in attached files because the files may contain viruses. Open attachments only from known senders.
- Check to ensure that contributions are received and used for intended purposes. Make contributions directly to known organizations rather than relying on others to make the donation on your behalf.
- Don’t be pressured into making contributions; reputable charities do not use such tactics.
- Be aware of whom you are dealing with when providing your personal and financial information. Providing such information may compromise your identity and make you vulnerable to identity theft.
- Avoid cash donations, if possible. Pay by credit card or write a check directly to the charity. Do not make checks payable to individuals.
- Legitimate charities don’t normally solicit donations via money transfer services. Most legitimate charities’ websites end in “.org” rather than “.com.”
Keep in mind that 80 to 90% of all cyber attacks originate from a malicious e-mail or attachment. So what can you do about it?
Get New-School Cybersecurity Awareness Training for Your Employees
Effective cybersecurity awareness training for your employees can be a challenge. Most I.T. teams just don’t have the time, support, or resources they need, and/or are missing the skills and experience to effectively create a fully mature and successful cybersecurity awareness training program.
Discovery I.T. can provide you with the same world-class, user-friendly New-School Cybersecurity Awareness Training program that large Fortune 500 enterprises use. You’ll have self-service enrollment, course completion logs, and both pre-and post-training phishing security tests that show you the percentage of your end-users that are Phish-prone.
And with the intuitive end-user training interface, your users get a fresh new learner experience that makes learning fun and engaging. There are also optional customization features which enable “gamification”, so your users can compete against their peers on leaderboards, and earn badges while learning how to keep your organization safe from cyberattacks.
New School Security Awareness Training:
- Includes Baseline Testing: We provide baseline testing to assess the Phish-prone percentage of your users through a free simulated phishing attack.
- Trains Your Users with the world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters; and automated training campaigns with scheduled reminder emails.
- Phishes Your Users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.
- Provides The Results with enterprise-strength reporting that show stats and graphs for both training and phishing, all ready for your management.
And New-School Training From Discovery I.T.:
- Sends Phishing Security Tests to your users and get your Phish-prone percentage.
- Rolls out Training Campaigns for all users (or groups) with automated follow-up emails to “nudge” incomplete users, as well as point-of-failure training auto-enrollment.
- Uses Advanced Reporting to watch your Phish-prone percentage drop.
- Provides a New Exploit Functionality that allows an internal, fully automated human penetration testing.
- Includes a New USB Drive Test that allows you to test your users’ reactions to unknown USBs found.
Plus, you can access Training Access Levels: I, II, and III giving you access to an “always-fresh” content library based on your subscription level. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.
If an employee falls for one of these simulated phishing attacks, you have several options for correction, including instant remedial online training. You can schedule one-shot, weekly, bi-weekly or monthly simulated phishing attacks and immediately see which employees fall for these social engineering attacks.
Contact Discovery I.T. today to see how you can take advantage of this world-class cybersecurity training system. It’s cheaper than you think!
Report Any Scams To Your IT Service Company & The FTC
If you think you see a scam, contact Discovery I.T. Also, be sure to report it to the Federal Trade Commission at FTC.gov/complaint. Your report could help the FTC stop the scammers.
In the meantime, to stay up to date on the latest cyber threats and IT info, visit our Blog. Here are a few articles to get you started:
8 Ways Cybercriminals Make Your Firewall And Antivirus Useless
Church Hit with Business Email Compromise