#66 Phishing Schemes Getting More Devious
One of our associates recently received the email below.
What’s Wrong with This Picture?
This email is, no doubt, a “Phishing Scheme.” That means someone is trying to get you to click on a link so they can either get data from your system, or plant a “Trojan Horse” program on your system. Trojans can do things like send all of your keystrokes to a site which will capture your passwords and logins to sites like banks.
The email looks so helpful! It even has a link to elect out of the emails! It even has a copyright!
How Do You Know?
Hovering your mouse over the link shows you where the link will take you. In this case it has nothing to do with where our mail is managed. We have no idea about StylesByChristina. That’s a dead give-away.
Rule #1: DON’T CLICK
You were fine before you got the mail, and you’ll be fine if you don’t click. If it’s about your bank account or credit card, call, but use the number on the back of your card. Just don’t click unless you are 100% sure where the click will take you.
Rule #2: Have A Great Security Program
Many virus programs protect you against malicious web sites. It takes a couple of days before the malicious site is discovered, so you may not be 100% protected, but it adds an additional layer of protection.
Also, part of any security program is educating and training your employees not to follow links in emails.
What Does This Have To Do With Advisors Assistant?
Advisors Assistant’s Web Based option has a feature in its 3 factor authentication that helps protect you against Trojan programs that record keystrokes.
There is an authentication that takes place just before you see your login screen which consists of many characters sent by the program, and is not keyed in by the user. These characters are unique to each of our users’ databases and are stored encrypted, so even if someone were to get the file where the authentication is stored, the AES 256 bit encryption would give you lots of protection.
If the authentication is not validated, the login screen with the User ID and Password will not be shown, so even if the hacker’s Trojan program captured them, they would not get the input screen.
Did I mention “Just Don’t Click?”