A young woman lost her purse while at lunch one day. She immediately filed a police report once she noticed it was gone, canceled her credit cards and felt relieved she had so efficiently taken care of it. Unbeknownst to her, the thief wanted and used her identity and health insurance card, which she did not discover until she started receiving parenting and baby health care magazines months after the purse had been stolen.
Another type of theft to be aware of comes from workplace phishing. An accounting employee received an email request that he thought came directly from the CEO. He was asked to wire money to a certain company. The employee thought the request seemed a bit out of the ordinary, but seeing as he had contact with the CEO as part of his job, he thought it was plausible. The request was clear, but instead of naming the exact account to receive the payment, it offered a link to the recipient company's account. Because the email was clearly marked with the CEO's correct signature line and he felt it was inappropriate to question the CEO, he did his own checking. Sure enough, when he hovered over the sender's address, a careful read showed a slightly different spelling of the company name in the email address.
An IT expert with a criminal mind had somehow obtained or guessed at this accounting employee's work email address and was able to make it appear as if the instructions were coming directly from the CEO. Any CEO, CFO or company owner would seemingly be a trusted high-level source within the company. However, employees in financial functions should be extra vigilant against these types of unusual requests.
The employee wondered how the phishing criminal would have known whom to choose for the email, but he was active on networking sites (as most employees are) where users or members willingly list their educational and career background information. All the IT expert had to do was join the site to access information on the company, its employees and their job titles.
Generally, people think hacking and phishing are done by people outside their company, so they are never concerned about emails that appear to be sent from within their company email systems. But certain criminals are experts at knowing how to create emails that bypass firewalls at some companies and appear to be from high-level executives within those particular companies.
According to Scott Grissom, product lead for IDShield (the privacy protection brand of LegalShield), many people are still not aware of how deeply these phishing criminals can go into a person's information. They can steal money from bank accounts, workplace information and more. The darknet sounds mysterious and foreign to most, and becoming entangled with it is far from being the adventure it is in spy movies.
Educating oneself on the darknet and the range of criminal IT activity is no longer a choice in today's business world; it's a requirement. Even if you keep a low online profile, all a phishing expert needs is your name, your email address and your birthdate. Think of the many websites that ask for this information to join groups of various types; now include all who subscribe to websites and have converted to living purely digital lives.
Grissom offers this critical advice:
1) Do not use the same username and password across different websites. Never repeat your username and password used for any of your financial institutions. Companies adopt certain formats for screen names at work, but do not reuse the password you create for your work email.
2) Never click on any link provided to you in an email that asks you to confirm or provide information, especially if you are being asked for money. Go to that company's website or use its app to sign in to your personal account to check your information.
3) Be cautious of vendors you do business with who show your member ID in a URL when emailing you. This can be a sign that they are inadvertently careless about showing identifying account information. It's an accepted practice for companies to share your information with their affiliates, so read the privacy section of all contracts, no matter how long and tedious they may be.
Grissom says, "Criminal misuse of employees' personal information is not going away any time soon, so employees must take advantage of tips to avoid scams and also be extra aware of potentially criminal activity in their daily work lives."
Email your workplace issues and experiences to [email protected]. For more information about career and life coach Lindsey Novak, visit www.lindseyparkernovak.com, and for past columns, see www.creators.com/read/at-work-lindsey-novak.