Many of our customers have asked us how to effectively identify and avoid "phishing" when using NetDocuments. Phishing is defined as "the activity of defrauding an online account holder of private information, usually by posing as a legitimate company or person."
While we have taken the necessary steps to protect the NetDocuments Service from such attacks, it is important that you use caution when dealing with emails that contain links and attachments. Most ransomware attacks are distributed through phishing emails. Here are some tips that will help you stay safe when dealing with a phish:
Watch out for emotional appeal:
- Greed – Phishing emails often dangle a financial reward of some kind, if you click a link or enter credentials.
- Urgency – Email will provide a strict deadline for performing an action.
- Curiosity – We are all curious, watch out for emails that promise to show something exciting or forbidden.
- Fear – Emails that threaten you with negative consequences or punishment should be treated with suspicion.
Examine the following items closely:
- Email signatures – A signature that is overly generic or doesn’t follow company protocols.
- Sender Address – Email address does not match the sender name or associated business
- Attachments – When an attachment comes from someone you don’t know or if you weren’t expecting the file, make sure it’s legitimate before opening it.
- Log-in Pages – Phishing emails will often forge login pages to look exactly like the real thing in order to steal your credentials. Do not follow links in the body of the email. Take the time to manually navigate to the website provided.
- Links – Roll your mouse pointer over the link and see if what pops up matches what’s in the email. If they don’t match, don’t click:
While there are countless ways one might encounter or fall victim to a phishing scam, you can learn to identify scams by using a few simple tips:
- Be on the alert for suspicious or unusual e-mails or e-mail addresses, including attachments.
- Be familiar with the websites and services you use. NetDocuments uses three URLs depending on which datacenter you access - vault.netvoyage.com or eu.netdocuments.com or au.netdocuments.com. Do not click on any links that do not have these URLs.
- Immediately report any phishing scams to your system administrator. They can configure either your firewall or your email server to block incoming messages from unwanted senders. Reporting the scam quickly may also prevent other employees at your firm from making a mistake.
- If you are still not certain, report the phishing scam to your vendor or service provider (NetDocuments). They can tell you whether something is legitimate or not.
Below are resources to help you identify and avoid phishing and other Internet-related scams:
Securities and Exchange Commission - how to avoid phishermen
Federal Bureau of Investigation - scams & safety
Department of Homeland Security - avoiding phishing attacks
Microsoft - how to recognize phishing
Sophos - steps to avoid being phished
Norton - spear phishing scams