Hackers Are Now Using HTTPS To Scam Victims
Everything you’ve heard about the safety of https sites is now in question. According to a recent FBI Public Service Announcement, hackers are incorporating website certificates (third-party verification that a site is secure) when sending potential victims phishing emails that imitate trustworthy companies or email contacts.
These phishing schemes are used to acquire sensitive logins or other information by luring people to a malicious website that looks secure.
What Should You Do?
Be Suspicious of Email Names and Content
Unfortunately, you can no longer simply trust that a website with “https” and a lock icon is secure. The FBI recommends that users not only be wary of the name on an email, but to be suspicious of https links in emails as well. They could be fake and lead you to a virus-laden website. Users should always question email content to ensure authenticity:
- Look for misspellings or the wrong domain, such as an address that ends in “com” when it should be “org.”
- If you receive a suspicious email that contains a link from a known contact, call the sender or reply to the email to ensure that the content is legitimate.
- If you don’t know the sender of the email, the FBI warns that you shouldn’t respond to it.
- Don’t click links in any emails from unknown senders.
If You Run A Business, Ask Your IT Service Company About Security Awareness Training For Your Employees
Security Awareness Training offers many benefits to get your employees up to speed on the latest threats and how to protect themselves and their company:
- Sends Phishing Security Tests to your employees to take on a regular basis.
- Trains your users with a comprehensive library of security awareness training content, including interactive modules, videos, games, posters and newsletters, and training campaigns.
- Phishes your users with best-in-class, fully automated simulated phishing attacks, and hundreds of templates with unlimited usage, and community phishing templates.
- Uses Advanced Reporting to monitor your users’ training progress, and provide your phish-prone percentage so you can see it reduce as your employees learn what they need to know. It shows stats and graphs for both training and phishing, ready for your management to review.
Your employees will get new learning experiences that are engaging, fun and effective. It includes “gamification” training, so they can compete against their peers while learning how to keep your organization safe from cyber attacks.
Add Security Awareness Training To Your Current Employee Training
The use of https is just the latest trick that hackers are using to fool victims into falling for malicious emails – hackers have many more up their sleeves. This is why regular, up-to-date Security Awareness Training is so important for any organization.
Call us at 678-389-6200 or use the contact form for more information on keeping your network secure.