Social engineering, spear phishing, and plain old "cast a wide net" phishing is netting the bad guys a boat load (pun intended) of money. No longer is it adequate to protect just your borders. With our digital lifestyle, BYOD, SNR, online meetings, social media, etc., it is imperative that you take the time to educate your end users (employees) about these types of threats. http://www.fbi.gov/news/stories/2014/october/cyber-crime-purchase-order-scam-leaves-a-trail-of-victims/cyber-crime-purchase-order-scam-leaves-a-trail-of-victims Is it feasible to teach all users to read the headers of an email? Probably not. Nor is it feasible to have them perform a "whois" (then drill down) on suspect websites. But, what we can do is educate them that scams happen by the minute, and to "Question" everything. When you receive a phone call from someone and they act as though they have known you for years, but you can't place the name or voice - Question them. When you receive an email about $1.5 million just waiting for you overseas - Forward it to your infosec team (in the absence of an infosec team, forward to your manager). Do not respond, do not ask to be taken off the list, just forward it along and let the experts do what they do best. Many times the "attackers" are just looking for a "live wire" and when you respond requesting to be removed from the list - you end up in the "have a pulse" category. They will use this information for other attempts at a later date. Make sure you tell someone if you are getting calls or emails that are out of the norm, especially if they are requesting information. If you can't verify their identity, you don't tell them anything. Ever ask yourself why someone [...]The post Employee Security Awareness - Purchase Order Scam appeared first on Sentryworx.
