Protect Company and Personal Data Against a Data Breach by a Phishing Scheme
Houston, Texas, March 22, 2013
E-Investigations, a Houston, Texas-based computer forensics and investigations firm, believes that there’s a war taking place in cyberspace. Every day, businesses around the world are the subject of phishing schemes and data breaches by criminal organizations, and possibly even governments.
On January 30, 2013, the New York Times disclosed the details of a four-month-long assault in which Chinese hackers allegedly broke into the media company’s computers, stole passwords, and mined their databases for data and sources related to a story that was critical of the Chinese government.
Even the IRS is not immune. The Internal Revenue Service has also issued several recent consumer warnings on the fraudulent use of the IRS name or logo by scamsters trying to gain access to consumers’ financial information in order to steal their identity and assets.
When identity theft takes place over the Internet, it is called phishing. Phishing (as in “fishing for information” and “hooking” victims) is a scam where Internet fraudsters send e-mail messages to trick unsuspecting victims into revealing personal and financial information that can be used to steal the victims’ identity. Current scams include phony e-mails which claim to come from a government agency or a bank, which lure the victims into the scam by telling them that they are due money. Some phishing emails may also contain malware that infects computers if attachments are opened. Once the malware is installed, valuable company data may be mined for personal client data, employee data and company data, resulting in a data breach.
According to Gary Huestis, Director of E-Investigations’ Digital Forensics lab in Houston, Texas, “Because phishing is one of the most devious forms of identity theft, it is important for businesses of all sizes to train their employees on these types of phishing schemes that could lead to a serious data breach.”
“Protecting our clients’ personal and professional data is a top priority at E-Investigations,” Mr. Huestis continued. “Employee training on phishing is something we here at E-Investigations do on a weekly basis, because the scammers are getting more and more creative.”
E-Investigations provides the following 8 tips to prevent phishing:
1. Guard against spam. Be especially cautious of emails that come from unrecognized senders or ask to confirm personal or financial information over the Internet and/or make urgent requests for this information.
2. Communicate personal information only via phone or secure web sites. When conducting online transactions, look for a sign that the site is secure, such as a lock icon on the browser’s status bar or a URL that begins with “https:” rather than “http:”, where the “s” stands for “secure”.
3. Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when they are expected and their contents are known, even if the sender is known, because phishing email sender headers often appear to be from legitimate sources (e.g., PayPal, UPS).
4. Never email personal or financial information, even if the recipient is within the company. No matter how diligent one person is, if someone else in the company provides a window into the company server, all email accounts could be at risk.
5. Beware of links in emails that ask for personal information, even if the email appears to come from an enterprise the company does business with. Phishing web sites often copy the entire look of a legitimate web site, making it appear authentic. To be safe, call the legitimate enterprise first to see if they really sent that email. After all, businesses should not request personal information to be sent via email.
6. Beware of pop-ups and never enter personal information in a pop-up screen. Do not click on links in a pop-up screen. Do not copy web addresses into your browser from pop-ups. Legitimate enterprises should never ask for personal information in pop-up screens, so don’t do it.
7. Protect all computers with a firewall, spam filters, anti-virus and anti-spyware software. Do some research or hire a computer investigation company, such as E-Investigations, to provide internal and external security scans, look for suspicious or malicious software and ensure that the most up-to-date software is being used.
8. Check online accounts and bank statements regularly to ensure that no unauthorized transactions have been made. Always be careful about giving out company or personal information over the Internet.
It is essential to hire third-party experts like E-Investigations, rather than using internal IT department personnel, to investigate data breaches or conduct any other computer or digital investigation, because third-party experts can ensure that the evidence is handled appropriately. Computer forensics experts can maintain a proper chain of custody, avoid data spoliation and authenticate the evidence. Additionally, unlike internal IT staff, third-party experts do not usually know the suspect personally, which reduces the risk of them sabotaging the hard drive to help or to incriminate the suspect.
Gary Huestis is the Director of Digital Forensics at E-Investigations. Mr. Huestis is an EnCase certified examiner and a licensed private investigator.
Call us toll-free at 877-305-4935