- Top 5 Reasons to Love Health Savings Accounts (HSAs)
Although Virginia employees haven’t adopted HSA plans as quickly as some other areas of the country, these plans are gaining market share as healthcare costs continue to rise. There are […]
- Read More
- Small Businesses and Self-Funding Medical Benefits
ACA “Pooled” Rates vs. Self-Funded Strategies There is a lot of talk about self-funded or level-level funded medical plans as a way for companies to save money on health benefits… […]
- Read More
Summer’s Here and So is Spear Phishing
by Gregg Kennerly | Published Wednesday, August 9, 2017
Cyber attacks and resulting data breaches often begin with a spear-phishing email. Spear phishing differs from regular email phishing in its use of extensive research to target a specific audience, which allows the spear phisher to pose as a familiar and trusted entity in its email to a mark. Spear phishers seek a company’s valuable information—such as credentials providing access to customer lists, trade secrets, and confidential employee information—and some of their methods include:
- Directing email recipients to fake (but authentic-looking) websites that ask for information like account numbers, passwords, or other credentials; and
- Inducing recipients to click on links or attachments that download malware onto the recipient’s computer. The malware often allows the phisher to steal passwords and sensitive data by, for example, tracking keystrokes.
The IRS offers the following tips to protect against spear phishing:
- Educate all employees about phishing in general and spear phishing in particular.
- Use strong, unique passwords with a mix of letters, numbers, and special characters. Also, remember to use different passwords for each account.
- Never take an email from a familiar source at face value, especially if it asks you to open a link or attachment, or includes a threat about a dire consequence that will result if you fail to take action.
- If an email contains a link, hover your cursor over the link to see the web address (URL) destination. If it’s not a URL you recognize, or if it’s an abbreviated URL, don’t open it.
- Poor grammar and odd wording are warning signs of a spear-phishing email.
- Consider calling the sender to confirm the authenticity of an email you’re unsure of, but don’t use the phone number in the email.
- Use security software that updates automatically to help defend against malware, viruses, and known phishing sites.
Check out our Employee Records and Files section for more on how to protect confidential employee information.