Warren Averett Technology Group has recently noticed a peak in phishing scams aimed at manipulating individuals into divulging confidential or personal information through social engineering, which then may be used for fraudulent purposes. Users have recently reported that their personal and work email addresses have been used to send falsified email messages. Typically, users on the receiving end of such messages are not on high alert because they quickly recognize the sender as a coworker or friend.
We want to remind you of the threats associated with phishing schemes and raise awareness of current scams to protect your personal and business information. We also want to ensure that you are taking the necessary steps to avoid all forms of attacks and provide you with appropriate procedures to follow if a breach of security has already occurred.
Once you click on a link and input your credentials, social engineering comes in to play, and your email account may no longer be protected. A user will be asked to input a work email account and domain password. The request page will deny access and request that you try again; this leads to the user testing out all usual passwords associated with other email accounts. However, these credentials are being logged. Once the account user’s credentials have been collected, the perpetrator will log into the email account and look for useful data. After completing the search, the phisher will then email all the contacts on the account with the same scam.
Attacks such as these tend to spread quickly, so how can they be avoided? Do not, under any circumstance, click on links within emails. If you receive a link from a known contact, call the sender for confirmation. Email communication can and will be intercepted. If you receive an email that gives you cause to be unsure, do not hesitate to send it to the Warren Averett Technology Group Resource Center for review.
However, if you have already entered your credentials and would like to ensure the attackers cannot complete their mission, what should you do? Call the Resource Center. We will change your password immediately. If you are changing your own password, be sure to use characters that you have not used previously. The more difficult the password, the safer you are. We will then look through our account to see if attackers have set any forwarding rules which would allow them to continue to send the scam, and we will be able to monitor if any of your contacts have received a phishing email from your account.
Should you come in contact with a phishing scam, you should always err on the side of caution and involve Warren Averett Technology Group immediately. The Warren Averett Technology Group Resource Center can be reached via phone at 888.419.9090 or via email at firstname.lastname@example.org.
Tanner Epperson is a Quality Assurance Consultant with Warren Averett Technology Group.