Sound Computing Solutions

The problem of scammers and hackers using fake or phishing emails to gain access to private date is not new. However, the sophistication and effort into making these emails appear legitimate has increased. This activity has led to a spike in the amount of data stolen and used to forge identities, make illegal financial transactions and other illicit activities.

​

The pattern is familiar. You received an email that appears as if it came from a well-known service or software program. The email will state with a sense of urgency that your account requires attention and needs updating. The email will direct you to open a link where you can update your information. You open the link and enter the requested information. And now, at this point, your personal information is in the hands of scammers and hackers. The recovery from this type of data breach can be lengthy, time consuming and costly. And while no fool-proof way of preventing this from happening exists. The items listed below can help reduce this risk.

​

-Situational awareness

Be cautious with responding to or acting on any emails asking to update or verify confidential information. Even if the email appears legitimate, look for other methods to verify its authenticity. Check the website of the sender and look for contact methods not provided in the email or the link. Use these methods to contact the sender independently and ask if the email is legitimate.

​

If you receive a message asking to reset a password for an account that you did not initiate a password reset for, this is a scam.

​

Check the email for spelling and grammatical errors.

​

Check the sender’s email address and the links provided in the email. Sometimes the reply to address will be spelled differently than what the

legitimate company's address might be, micosoft.com vs. microsoft.com.  The links in the email may appear legitimate but will point to a different site than the apparent sender.

​

-Additional security

All online accounts, including email, should use Multi Factor Authentication (MFA). This is an additional step in the login process after you enter your password. In most cases it requires you to enter a code from a text message or an app to gain access to your account.

Use secure passwords. Passwords should be a minimum of eight characters long and contain the following; at least one upper case letter, one number, and one special character. 

​

Do not use the same password for multiple applications.

​

Do not save your password on your phone or browser.

​​

-Consider using third part spam filters or programs

Most large email providers will have built in tools for filtering spam and phishing emails.  However if you are still receiving large amounts of spam consider installing software in your email program to provide additional filtering.

 

-Ask for help

One of the more sophisticated iterations of this scam recently came to our attention. A current customer received an email from Microsoft asking them to update their account information. The link in the email pointed to legitimate Microsoft website, the reply to address was a legitimate Microsoft address. The grammar and spelling in the email were correct. However, the email the email was fake.  Fortunately, they were suspicious of the email due to it requesting an immediate response and asked for our help. There were no technical issues on the surface of the email to suggest that it was fake. However, the code behind the delivery of the email (email header) clearly tagged this email as spam.

​

If you have questions or concerns regarding your email security please feel free to reach out to us via methods listed in our Contact Us page.

​​

Regards,

Sound Computing Solutions

​​