
When in doubt--DON’T OPEN IT!

posted Mar 21, 2016, 5:55 AM by James Saccento   [ updated Mar 21, 2016, 7:19 AM by Ken Narkiewicz ]

Over the past few days there have been a few incidents of phishing attacks directed against ServiceNet employees. Phishing attacks use social engineering tactics (emails or phone calls that prey upon one’s emotions) to trick a user into offering up sensitive information, opening a malicious attachment or web site, or even paying a sum of money. An attacker might send an email that appears to come from a known party (such as a coworker) or a reputable institution, such as a bank or other financial institution (Bank of America or PayPal, for example).

Please keep the following information in the back of your mind at all times:

Verify the sender of an email before responding with sensitive information or opening an attachment. The “Sender” may look legitimate at first glance (such as “Fraud_Department@Paypal.com” or “John Smith, ServiceNet Fiscal Department”), but upon closer inspection you will notice that the real reply-to email address is something entirely different (such as “paypal@123.mail.com” or “someone_else@xyzcompany.com”).

An email might urgently state that a past due invoice is attached, and your initial reaction may be to open it immediately. However, DO NOT open anything unless it can be absolutely confirmed that it came from a known source. The most common type of attachment used in these attacks is the “zip” file, so please be extra suspicious of any zip attachments.
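For mail administrators, the two warning signs above (a reply-to address whose domain differs from the apparent sender's, and a zip attachment) can be checked automatically. The following Python code is an added example, not part of the original notice; the sample message is constructed from the addresses quoted above, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email). The From and Reply-To
# addresses are the examples quoted in the notice; the rest is made up.
SAMPLE = """\
From: "Fraud Department" <Fraud_Department@Paypal.com>
Reply-To: paypal@123.mail.com
To: employee@example.org
Subject: Past due invoice attached
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your invoice is past due. Open the attachment immediately.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"

(constructed placeholder, not a real archive)
--b1--
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def same_org(a, b):
    """Treat mail.example.com and example.com as related (suffix check)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def phishing_flags(raw):
    """Return a list of warning strings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    # Sign 1: replies would go to a different domain than the visible sender.
    if from_dom and reply_dom and not same_org(from_dom, reply_dom):
        flags.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    # Sign 2: any MIME part that is a zip file by name or content type.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() == "application/zip":
            flags.append(f"zip attachment: {name or '(unnamed)'}")
    return flags
```

A clean result from these checks does not make a message safe; the visible sender address itself can be forged, so the advice to confirm the source still applies.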

Also, do not provide sensitive information to anyone over the phone unless you are absolutely able to verify their identity. If you are unsure, tell them you will contact their company directly and end the conversation. For example, if the suspicious caller states that they are calling from Bank of America with demands for sensitive financial information, tell them you will call back, hang up and call Bank of America customer support directly. You will likely discover that there is no record of the call or the original request for information.

In all cases, if you have the slightest suspicion that something is amiss, you will find that you are most likely correct--it’s always better to be safe than sorry. Contact your supervisor and/or the ServiceNet IT department to get a second opinion before you proceed. We’re here to help!

The following is an excellent resource to check out for more information about phishing and social engineering: 

https://www.us-cert.gov/ncas/tips/ST04-014

Feel free to contact me with any comments or questions, and thank you for your continued diligence!

 

Ken Narkiewicz
Director of Information Technology
ServiceNet, Inc.
IT Help Line 413.587.7777
Direct 413.582.4265
knarkiewicz@servicenet.org 