District’s quick action prevents financial loss after successful ‘phishing’ attempt

The Bardstown Board of Education met Tuesday, April 16, 2019.

Nelson County Gazette / WBRT Radio

Tuesday, April 16, 2019 — The Bardstown City Schools were the victim of a “phishing” incident recently that nearly cost a district employee a paycheck.

Phishing is a cybercrime in which an individual is contacted by email, phone or text by someone who poses as a representative of a legitimate institution and attempts to lure the individual into providing sensitive personal information such as Social Security numbers, banking and credit/debit card numbers, and passwords.

Tracey Rogers, the district’s treasurer, told the Bardstown Board of Education about a successful “phishing” attempt that temporarily diverted an employee’s paycheck. The action was detected and quickly reversed, Rogers told the board.

The stolen information is then used to access the individual’s accounts and can lead to identity theft or financial loss.

Tracey Rogers, the district’s treasurer, told the Bardstown Board of Education that the incident “was the first time we’ve been compromised in that way.”

She attributed the successful phishing attempt to an employee who committed what she said was “a procedural error.”

As a result of the successful phishing attempt, when the electronic payroll was directed to be deposited in an employee’s bank account, the money was actually diverted to a different bank account.

When the error was uncovered, Rogers said, the district’s bank was contacted immediately. They learned that no funds had actually been transferred to the bogus bank account. The district recalled that money so nothing was lost, Rogers said.

TIPS TO AVOID BEING A VICTIM. Knowledge is power, and it is the key to avoid falling victim to a phishing scam that can result in the theft of your identity or personal information (tips collected from the Anti-Phishing Working Group and Comodo Security Solutions).

Be suspicious of any email or communication (including text messages, social media posts and ads) with urgent requests for personal financial information.

Phishers typically include upsetting or exciting (but false) statements to get people to hand over their usernames, passwords, credit card numbers, Social Security numbers, date of birth and other personal information.

Avoid clicking on links. Instead, go to the website by typing the Web address directly into your browser or by searching for it in a search engine. Calling the company to verify its legitimacy is also an option.

Pay attention to the website you are being directed to and hover over URLs. An email that appears to be from PayPal could direct you to a website that is instead “http://www.2paypal.com” or “hxxp://www.gotyouscammed.com/paypal/login.htm.”

Don’t send personal financial information via email, and avoid filling out forms in email that ask for your information.

You should only communicate information such as credit card numbers or account information via a secure website or telephone.

Use a secure website (https:// and a security “lock” icon) when submitting credit card or other sensitive information online.

Never use public, unsecured WiFi for banking, shopping or entering personal information online, even if the website is secure. When in doubt, your 3G/4G or LTE connection is always safer than using public WiFi.

Be very suspicious of any emails you receive from trusted entities like your bank.

If the email contains a link, don’t click on it. Deceptive links that mimic legitimate URL addresses are a common tool con artists use in phishing scams. While these addresses may look official, they usually contain inconspicuous differences that redirect you to a fraudulent site. Instead of clicking on the link, type the web address of the institution into the browser to access the website.
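The hover-over-the-URL check and the "inconspicuous differences" described above can be automated. The following is an added example, not part of the original article: it compares a link's real host with the domain the email claims to come from. The function names `refang` and `check_link`, and the rule of treating the first label of the expected domain as the brand name, are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def refang(url):
    """Undo common defanging (hxxp://, [.]) so the URL can be parsed."""
    u = url.strip().replace("[.]", ".")
    if u.lower().startswith("hxxp"):
        u = "http" + u[4:]
    return u

def check_link(url, expected_domain):
    """Compare a link's real host with the domain the email claims to be from.

    Returns (verdict, host). verdict is one of:
      "match"          host is expected_domain or a subdomain of it
      "lookalike-host" brand name appears in a host that is not the brand's
      "brand-in-path"  unrelated host, brand name only in the path or query
      "mismatch"       unrelated host, no brand reference at all
    """
    expected = expected_domain.lower().rstrip(".")
    brand = expected.split(".")[0]  # assumption: first label is the brand
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower().rstrip(".")
    # The dot in "." + expected matters: "2paypal.com" must not pass.
    if host == expected or host.endswith("." + expected):
        return "match", host
    if brand in host:
        return "lookalike-host", host
    if brand in (parts.path + "?" + parts.query).lower():
        return "brand-in-path", host
    return "mismatch", host

# The first two URLs are the article's examples; the others are constructed.
SAMPLES = [
    "http://www.2paypal.com",
    "hxxp://www.gotyouscammed.com/paypal/login.htm",
    "https://www.paypal.com/signin",
    "https://paypal.com.account-check.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, host = check_link(link, "paypal.com")
        print(f"{verdict:15} {host:32} {link}")
```

Only the "match" verdict means the link points at the claimed sender's own domain; a mail filter or help desk could treat every other verdict as a reason to verify the message through a separate channel.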

Look out for common phishing language in emails like “Verify your account.”

Legitimate businesses will not send you an email to ask for your login information or sensitive personal information.

Also, look out for emails that try to convey a sense of urgency. Warnings that your account has been compromised, for example, are a common way to lure victims. Again, contact the company directly to inquire about such emails rather than using any link or other contact information provided in the email.

Be wary of any email that does not address you directly. While some phishing scams will use your name in the email, many are sent out as spam messages to thousands at a time. Most legitimate businesses will use your first and/or last name in all communication.

