Bulletins

Protect Yourself from Email and Online Fraud

by Susan Wolcott, CPA, CFE

Dear clients and friends,

While online communications and banking have made life more convenient in many ways, it has also opened the door to new kinds of crime perpetrated by criminals from around the world. Living in a small community like ours at one time gave us a layer of protection from "big city" criminals. No more. Criminals from across the globe are reaching out to steal your identity and assets. Be informed, be aware and protect yourself and your assets.

Your bank or the IRS will not contact you by e-mail or phone to verify personal information or account information. Do not click on any links or call any phone number provided in such e-mails. Do not provide personal information over the phone to any caller.

About Phishing

An email falsely claiming to be from a legitimate, reputable organization is commonly known as "phishing." It got this name because the person, or criminal entity, sending you the email is usually "fishing" for personal or financial information. The email may look legitimate, but in attempting to replicate an email from the legitimate organization, you will commonly find misspellings, typos, suspicious email addresses for the sender, or design flaws.

Phishing emails will commonly ask for your personal or financial information, direct you to a fraudulent ("spoofed") website that requests information, or include fraudulent phone numbers. Clicking on the link to the spoofed website often downloads a virus that grabs your personally identifiable information.

If you suspect that you have received a phishing email or just maybe aren't sure, DO NOT reply to the email or click any of the links or attachments. Delete the email.

Beware of Phishing and Fraudulent Emails, which:

  • Ask you for personal information, including your username and password, Social Security number, Tax ID number, financial records, bank account numbers, debit or credit card numbers or security codes, etc.
  • Ask you to verify account information through a link in the email or by calling a phone number.
  • May ask you to copy and paste website urls into your browser.
  • Contain attachments including images, files and documents.
  • Include broken links.
  • Misspell your personal information, such as your name.

Help Protect Yourself

  • Regularly update antivirus, firewall, intrusion detection and intrusion protection solutions.
  • Install the latest releases and patches for your operating systems and critical programs, especially on systems that host public services and are accessible through your firewall.
  • Update your web browsers. Many of the newer versions of web browsers, such as Internet Explorer, Firefox, and Chrome have advanced security features.
  • Configure mail servers to block or remove email that contains attachments that are commonly used to spread viruses.
  • Train employees to not open attachments unless they are expected and come from a trusted source, and to not execute software that is downloaded from the Internet unless it has been scanned for viruses.
  • Do not provide personal information such as user IDs, account numbers or passwords in response to an email, even if the email looks legitimate.
  • Do not respond to text messages or voicemails that ask you to call a number and enter personal information such as account numbers.
  • Regularly update your email and online passwords.
  • Consider the possibility of restricting Internet use by employees, specifically shopping, as they are opportunities to compromise the network.
  • Have emergency response procedures in place, including back-up and restore capabilities in order to restore lost or compromised data.