Simple Technique to Protect Your Assets from Cyber Threats by Carrie Kerskie
Protecting your assets from cyber threats is stressful. If getting phishing emails wasn’t bad enough, now the criminals have begun smishing, sending scam messages by text as opposed to email. Plus, it’s getting harder to determine which ones are valid and which ones are fake. Especially when the message appears to be from your bank regarding suspicious activity. It’s enough to make you want to go off-grid.
Okay maybe that’s a little extreme, but you get the point.
The problem is so bad that companies buy anti-phishing training and testing for their employees. But, as research had proven, people still fall for phishing emails, even after the training and testing. If these “educated” employees can’t spot a phishing email, how are the rest of us supposed to? The answer is simple. Cyber Awareness.
In the past this meant showing you examples of phishing and other scam messages or having you look for one or two “tell-tale” signs of a scam.
Remember the old advice of “look for poor use of grammar” or “hover over the send to reveal the true sender’s identity.
”Unfortunately, these don’t work anymore. Why? Because you are looking for key things. So, what happens when the cyber criminals modify the scam? You guessed it, those things you are told to look for disappear. Instead of having to memorize a few red flags, cyber awareness should be simple, while enhancing critical thinking skills.
One way to do that is by using the Validate or Eliminate Method. The Validate or Eliminate Method was created after fifteen plus years of working with identity fraud and cybercrime victims, both individuals and organizations. Before acting on any received phone call, email, letter, or text message, take a moment to validate it.
Here are a few ways to validate:
- Call the organization at the phone number on their website or on your statement and ask if they sent the message.
- If you have an online account with the supposed sender, log in to your account. For example, if the message was supposedly from your bank regarding a suspicious transaction, log in to your account and look at the transactions. Same goes for messages from Amazon. Log in and look at your order history. If you are still not satisfied, call the organization.
- If the message was from a friend or family member, call them and confirm they sent it before you click on the link (in a text or email) or open the attachment (in an email).
- If you received an unexpected call, tell the caller you can’t talk right now and ask to call them back. Don’t call back at the number in your caller ID (it could be spoofed) or the number they give you. Call the number on the organization’s website or on your statement, etc.
If you are unable to validate the sender or the message, eliminate it. Eliminate by either hitting the delete key, moving it to your junk folder, or throwing it away (for letters). If it was a phone call, more than likely the criminals will call you again. Now you have confirmed it is a scam, simply hang up the call. No need to be nice as the criminals won’t be nice to you.
So, the next time you are faced with a call, text message, email, or letter and you are unsure if it’s legitimate, take a few minutes to validate or eliminate. It really is just that easy.
Carrie Kerskie is a professional speaker on cyber awareness culture and identity fraud. She’s the president of Kerskie Group, providing white-glove identity fraud restoration and risk management for high-net-worth families and individuals. Carrie is also a member of the Collier Identity Fraud Awareness Community Task Force. She can be reached at 239.435.9111 or CarrieKerskie.com
Leave a ReplyWant to join the discussion?
Feel free to contribute!