Hackers are getting more sophisticated with password harvesting

We have been seeing a sharp uptick in hackers trying to harvest passwords from our customers. While it is a ‘less sophisticated’ level of hacking, it is still very effective. If hackers are able to harvest passwords from important company contacts within an organization, they can often get the ‘keys to the castle’ with the right password.

Here are some quick tips to ensure that you do not become a victim of password harvesting:

  •   If you get an email from an internal contact that seems ‘off’ – give them a call and verify they sent it. This is often how hack attacks are discovered.
  •   If you get a ‘login’ request from a service you use, check the URL/web address (see below) and look for typos before entering your information.
  •   Make sure when typing in a URL (web address) that you are typing the correct address. Hackers often buy misspelled domains to trick unsuspecting users into believing they are at the intended site. This is referred to as typosquatting.
  •   If you get an email from what looks like an internal contact, make sure to check the actual email address. A top phishing scheme we often see is that someone sets the display NAME on an email address to that of an internal contact, and then emails contacts within that company to try to gain access. An example of that would be – John Brown at Acme is a principal of Acme. Jane in accounting gets the following email:

John Brown <john.brown@IMAHACKER.com>

Jane, Can you forward me the login information for the bank account? I am out of the office and I do not have that information with me.

Thanks,

John

For more information on these types of phishing attempts, you can read more here
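
For mail administrators, the display-name trick in the John Brown example and the typosquatting tip can both be checked automatically. The sketch below is an added example, not part of the original article; the company domain `acme.example`, the staff list and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample data (assumptions): replace with your own domain and directory.
COMPANY_DOMAIN = "acme.example"
STAFF_NAMES = {"john brown", "jane smith"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typosquatted look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> str:
    """Return 'ok', 'external', 'lookalike-domain', 'display-name-spoof' or 'unparseable'."""
    # Only the visible From header is inspected; this does not validate SPF/DKIM.
    name, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    if not at or not domain:
        return "unparseable"
    domain = domain.lower()
    if domain == COMPANY_DOMAIN:
        return "ok"
    # A domain within two edits of ours is a likely typosquat.
    if edit_distance(domain, COMPANY_DOMAIN) <= 2:
        return "lookalike-domain"
    # A staff member's name on an outside address is the trick shown above.
    if " ".join(name.lower().split()) in STAFF_NAMES:
        return "display-name-spoof"
    return "external"


if __name__ == "__main__":
    for header in (
        "John Brown <john.brown@IMAHACKER.com>",  # the email from the article
        "John Brown <john.brown@acme.example>",   # constructed: genuine internal
        "Jane Smith <jane@acrne.example>",        # constructed: 'rn' imitating 'm'
    ):
        print(f"{check_sender(header):20} {header}")
```

A mail gateway rule built on this idea would tag or quarantine anything classified as `display-name-spoof` or `lookalike-domain` before it reaches someone like Jane.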