How it works:
Many people are already aware of “phishing” scams, in which fraudulent e-mails that appear to be from a legitimate source induce victims to reveal personal information. Phishing e-mails commonly masquerade as communication from banks, credit card companies, or popular online vendors. Phishing e-mails may contain copied logos, a link to a fraudulent website, or even a “spoofed” e-mail address. A phishing scammer may claim that a bank or credit card account has been compromised or locked. The recipient is informed that they must confirm all account information in order to restore their access. The e-mail usually includes an embedded link that will open a fraudulent website closely resembling that of the actual company. The site may also contain malware that could steal personal data. Once the recipient knowingly or unknowingly provides their personal account information, they may become the victim of a variety of financial crimes.
Most email services are able to filter out the bulk of phishing emails, but this filtering is not foolproof. Variants of phishing called “spear phishing” and “whaling” are harder to detect and may be of particular concern to Darien residents. Traditional “phishing” casts a broad net that is seemingly random. In contrast, spear phishing and whaling target a specific organization or individual. Whaling targets a high-level CEO, a big catch. This type of phishing attack is designed to gain access to closely guarded information like trade secrets or other intellectual property. In a spear phishing or whaling attack, the purported “sender” masquerades as someone from within the targeted company. The name attached to the email will typically be that of someone in a position of trust and authority (e.g., CFO, network administrator). The email will ask the recipient to provide user name and password info, often through an external website. Once the phisher has this information, they can access confidential information and exploit others in the company.
What to do:
Do not comply with unexpected requests for confidential information or divulge personal data in response to e-mail messages unless you are absolutely positive about the source.
Do contact the purported sender directly (hint: don’t hit “reply”) if there are any doubts about the legitimacy of the email request.
Do not open attachments or web links within an unsolicited e-mail requesting confidential information. Doing so could result in the download of a malicious computer virus.
Do remove your email address(es) from company websites that are publicly accessible. A fillable contact form on the website is a viable alternative.
Do report any loss involving monies or intellectual property stemming from a phishing or spear phishing incident.