Phishing: The Gift That Keeps on Giving (Your Data Away)
Recently, FSG has been experiencing a higher-than-normal number of phishing emails and text messages. Simply put, phishing is a type of cyberattack in which criminals send fraudulent emails or texts that appear to be from a legitimate source. The goal of phishing is to trick you into clicking on a malicious link or providing sensitive information. These attempted attacks have shown us that no organization is immune to cyberattacks, including FSG, and that everyone has a role to play in protecting our company’s data and systems.
FSG IT has put together the following list of things you can do to help protect our company from cyberattacks.
- Do not click on links or attachments you do not recognize. Be especially wary of .zip, .exe, .dmg or other compressed or executable file types.
- Be suspicious of any email or text message requesting personal, banking, account, or financial information, even if it appears to come from a legitimate email address.
- NEVER provide sensitive personal information (like usernames and passwords) over email.
- Watch for emails or texts from suspicious or misleading domain names or phone numbers. These are often misspelled, but are similar to legitimate ones. (instead of @fsgi.com, an email may come from @fsgl.com, etc).
- Inspect website URLs carefully to ensure they’re legitimate and not imposter sites.
- Do not try to open any shared document you’re not expecting to receive.
- If you can’t tell if an email or text message is legitimate or not, review it with your manager and contact the IT helpdesk at [email protected].
- Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
- FSG’s Executives are often impersonated, so verify before responding to an email claiming to be from them.
In addition to the tips above, it is also important to be aware of the recent email and text phishing attempts that we have had. These attempts have been designed to look like they are from FSG executives.
The email sample below has our CEO’s name and is asking for an employee to get gift cards and email pictures of those gift cards. Notice that the ‘mailto’ on the ” From ” is from an @aol email account and not FSG. Also, note the spelling and grammar looks suspect.
From: Bill Graham [mailto:[email protected]]
To: [email protected]
Subject: Gift Cards
“I would like to surprise the staffs with Walmart gift cards today.
can you please get 7 pieces of Walmart gift card from $400 each. I need physical card.
Then scratch the card and take a picture of the cards pin and attach and email to me very quickly.”
Lastly, FSG Learning has put together a course on cybersecurity that you will need to complete by June 1.
Thanks for helping to keep our network, and our people, safe from these cyber threats!
TLDR: If you receive an email or text that looks suspicious, please do not click on any links or open any attachments. Instead, forward the message to our IT department so that they can investigate it further.
We believe in celebrating important moments in our employees’ lives. If you have a story about an employee or a project you’d like to see on FSG Resources, please share it! Whether it’s a personal achievement or a team accomplishment, we want to recognize and celebrate your successes. Reach out to Scott Delony, FSG Marketing Communications Manager, at [email protected] with stories, ideas, or questions!