Hardwood Floors October/November 2017

TECHNOLOGY BUSINESS BEST PRACTICES

By Jodi O’Toole

You’ve Been HACKED!

SPAM If spam doesn’t sound yummy to you, you are not alone. Whether it’s canned meat or unwanted email, most of us try to avoid spam. Spam lters are a good rst-line defense; however, unwanted emails still make it into our inbox. Spam that makes it through may be harmless ads, but some spam emails present a threat. By simply replying to or unsubscribing from spam email, you are in fact con rming your email address is valid and therefore, a possible target. is not only creates an opportunity for the account to be breached, but it can also put the account on a target list to be sold, creating additional risk. On the ip side, do report spam you receive to your email provider. Most services have an easy way to do this, and, as a bonus, it helps reduce spam not only for you, but for everyone who uses that service, and others as well. PHISHING Although shing for sport is enjoyable, phishing emails are not. Phishing is a type of spam in which a cyber criminal a empts to entice a recipient to disclose personal details such as bank accounts, credit cards, usernames, passwords, and more. is method is literally “ shing” to see if you’ll provide information to the hacker. ese emails appear to be from a legitimate source, sometimes including logos and URLs that appear to be company-based. However, there is no reason to share personal or secure information via email. Ever. Businesses you have accounts with should never contact you for this, and certainly not without a request from you. A common example of phishing is below:

Photo by Lewis Ngugi

It may sound like the plot line from a well-wri en TV drama, but the chances that your personal information has been or will be compromised is more likely than any of us want to accept. In fact, according to a 2016 survey by Zogby Analytics for e Hartford Steam Boiler Inspection and Insurance Company (HSB), more than one-third of U.S. consumers experienced a computer virus, hacking incident, or other cyber a ack in the past 12 months. Since October is National Cyber Security Awareness Month, it feels appropriate to address how you can protect yourself from being a statistic. Email is a universal communication method and it is one of the easiest methods for cyber criminals to exploit. In my February/ March article, I shared password best practices that should be followed on email accounts to avoid breaches. In this month’s article, I’ll focus on three speci c tactics criminals use to gain access to our information and systems. I’ll also share ways to avoid these situations. SPAM, PHISHING, AND SPOOFING, OH MY! No, I am not talking about canned meat, a weekend activity, or a Halloween movie parody. I’m referring to the email vulnerabilities that open the door for cyber criminal a acks. To successfully prevent these a acks, we rst have to understand them.

From: PayPal Refund Department To: joe.smith@prohardwoodinstallers.com This email confirms you are entitled to a refund. Simply visit the site below to confirm your account details and receive your funds. https://www.paypal.securerefund123.com/refund

e page then asks you to ll in your checking account information, which is information you might enter on PayPal’s website during account setup. e problem is, the URL above is not a PayPal website. e parent URL is actually securerefund123.com, which has nothing to do with PayPal and isn’t even a real domain. It looks legitimate, and many have and will fall victim to this trick.

38 hardwood floors www.hardwoodfloorsmag.com