‘Tis the season, to STEAL YOUR INFO… fa-la, la-la-la, la, la-la-la!’

Not the happy holiday greeting you expected? We hate to break it to you, but the Grinch is at large! With retail sales at their highest, this is the time of year when identity theft is common, and you need to protect yourself, your clients, friends, colleagues, and everyone with whom you communicate. Nobody is going to do it for you, and in fact nobody can provide you 100% protection from the biggest danger to your private information: YOU!

Not familiar with the term “phishing attacks?” These types of attacks are any attempt by a scammer to get you to divulge private information like credit card details, account details, or passwords. You may have received emails with weird links and subject lines, odd popups on a PC, or even a phone call asking you for information. A lot of times these schemes look legitimate, but don’t be fooled.

All right, now that we’ve said it, and hopefully scared you out of your digital skin, here are five very important measures you can employ i-m-m-e-d-i-a-t-e-l-y to protect yourself, your business, and prevent phishing attacks.

ALWAYS USE COMPLEX PASSWORDS

That means do not use your first name and your spouse’s birthdate. It does mean you should use something that looks (and preferably is) completely random. A password such as 8y6AvgxYKx&j is much better than Robert1220.  By the way, that mess I generated was done using Last Pass, which we highly recommend as a password management system. Another password management option is 1Password.

USE 2-FACTOR AUTHENTICATION (WHEN AVAILABLE)

Yes, it’s a pain in the backside to provide that extra 6-digit key every time you log in, but it’s very secure. You literally need the key cipher (usually an app on your mobile phone) to unlock the account(s) in question.

POP-UP PHISHING

Don’t click on pop-ups telling you that your PC is infected and asking you to call a number (claiming to be Microsoft or someone like that) or provide your login credentials TO ANYONE except a “trusted” IT provider or colleague.  Never do it without verifying, directly, that it was asked for by that specific person by another means.

For example, if a “low trust” person asks for your password via email, or otherwise, CALL THEM to verify it. Any big brand company (Microsoft, Google, et al) will never contact you to tell you that you are infected or need an update. They just don’t do that.  So if you get that call – HANG UP immediately!

EMAIL PHISHING

If you get an email asking you to click a link to verify something, sign a contract, transfer funds, etc. Check with the sender first via phone before doing it.

And if a link says it’s for signing you into your Google/Dropbox/Otherwise Account, and you click it and it goes SOMEWHERE THAT YOU DID NOT EXPECT it to go (isn’t the same domain name in the address bar), CLOSE IT IMMEDIATELY!

Or better yet, if you use Chrome web browser for checking your email, just hover your mouse pointer over the link; don’t click it to start with. These emails sometimes will even have a valid signature, but they are NOT from your colleague.

WHEN IN DOUBT – GIVE US A SHOUT!

IT people and managed service providers are used to these questions, and we’d much rather you ask us first. It’s worth the few minutes to pick up the phone or send us an email to avoid an infection, losing your sensitive data or spend the holidays recovering your data instead of enjoying the holidays!

Got a question about a phishing attack or scam? Send us an email at info@xpertekit.com!

Note: Support and scheduling requests should always be directed to Support@XPERTEKIT.com.