Rachel was looking for a new skincare product. She started searching the web and saw an ad for a skincare cream used by one of her favorite singers. Rachel was excited: she had just been to the singer’s concert and thought this skincare cream must be great if the singer was endorsing it. Rachel clicked on the ad and was taken to the company’s website, where she was greeted with more pictures of their products and other celebrities that had tried them.
She selected a cream and continued to checkout. After a few weeks, Rachel still hadn’t received the cream. She started to get suspicious and tried to find a confirmation email. Rachel realized she never received a confirmation.
When she performed an internet search on the brand, she found many reviews from other customers saying it was a scam. When Rachel checked her credit card, she found multiple fraudulent charges. Luckily, she was able to call her credit card company and get the money back.
Did you spot the red flags?
Rachel trusted the company because of the celebrity endorsement and did not research the company before buying the product.
Instead of staying on well-known websites, Rachel clicked on an ad to buy the product.
Rachel did not receive a confirmation email for her order and did not check her credit card transactions until weeks later.
What you should know about this scam
Check the celebrity’s social media account to see if they have posted anything about endorsing the product.
Take the time to investigate the company before buying anything. Always use a credit card when making new purchases online.
With the rise of deepfake videos and AI voice generation, celebrity endorsement scams are getting more complex. If a product is unknown but endorsed by a celebrity, it is best to conduct further research before purchasing.
Microsoft Loop is a new tool that allows you to streamline your team’s workflows and make collaboration more efficient without switching between different apps. By using Loop in Outlook and Teams, you can keep all your conversations, files, and tasks in one place. In this article, we’ll show you how to use Microsoft Loop in Outlook and Teams and how it can benefit your team.
Understanding Loop components
A Loop component is a fundamental building block of Microsoft Loop that allows teams to collaborate more efficiently. It provides a centralized location for storing and managing information, making it easy for team members to stay on the same page.
With their flexibility and integration with other Microsoft apps, Loop components are useful for streamlining team workflows and improving productivity. The types of Loop components you can use in Teams and Outlook are:
Checklists
Bulleted lists
Numbered lists
Tables
Paragraphs
Task list
Q&A (available only in Outlook)
How to create Loop components
In Teams
Open Microsoft Teams and navigate to the desired team or channel where you want to create a Loop component.
Click on the + icon to add a new tab.
In the search bar, type Loop and select the Loop app from the list of available apps.
Choose a name for your Loop component and click Save.
Once your component is created, you can start adding content, such as notes, tasks, and files.
To add a note, click on the Note icon and start typing. You can use the toolbar options to format your note.
To add a task, click on the Task icon and enter a task name and description. You can also assign the task to a team member, set a due date, and add any necessary notes or files.
To add a file, click on the File icon and choose the file you want to upload. You can also add a description and assign it to a category.
In Outlook
Open Outlook and create a new email.
In the email toolbar, click on the Loop icon. If you don’t see the Loop icon, you may need to enable the Loop app first.
Choose a name for your Loop component and click Create.
Once your component is created, you can start adding content, such as notes, tasks, and files.
To add a note, click on the Note icon and start typing. You can format your text using the toolbar options.
To add a task, click on the Task icon and enter a task name and description. You can also assign the task to a team member, set a due date, and add any necessary notes or files.
To add a file, click on the File icon and choose the file you want to upload. You can also add a description and assign it to a category.
Once you have added content to your Loop component, you can share it with your team members. To do this, click on the Share button and choose the members or channels you want to share the component with. You can also set permissions to control who can view and edit the component.
In addition to creating a new Loop component, you can also add an existing Loop component to a Teams channel by clicking on the + icon and selecting Loop from the list of available apps. From there, you can choose an existing Loop component to add to the channel.
If you want to learn more about how to improve workplace collaboration using Microsoft 365, give our experts a call today.
Do you need clients or colleagues to share confidential documents with you, but want to avoid the risks associated with sending sensitive information via email? Are you frequently sharing large or classified files with external partners and searching for a secure and convenient solution? Look no further. Microsoft provides a powerful feature that allows you to securely collect files through a simple link, ensuring the privacy and integrity of your shared documents.
Whether you’re dealing with financial statements, investment portfolios, legal documents, or any other sensitive files, you can trust the file request feature in OneDrive and SharePoint to enhance the security of your document management practices.
Microsoft’s file request feature
Microsoft’s file request feature lets you create a folder where individuals can directly upload documents to your OneDrive or SharePoint library. It works by generating a unique link that you can share with the intended recipients. The link will take them to a secure page where they can upload one or more files without needing a Microsoft account or an existing OneDrive or SharePoint library setup.
Once the documents have been uploaded, you’ll receive an email notification and be able to manage the files from your library. This process eliminates the need to send large files over email or other apps and makes it easier to organize and keep track of assets.
The benefit of this feature is that it restricts the people you request files from to just uploading files. People won’t be able to view, modify, download, or remove the contents from OneDrive or SharePoint folders. Also, you can delete the file request link at any time to prevent anyone from uploading files to your shared folders. That means you have complete control over who has access to your documents and the ability to keep confidential information secure.
How to create a file request
Creating a file request is simple and takes only a few steps. Here’s what you need to do:
Open OneDrive and create or select the folder where you want the files to be stored.
Click on Request files in the ribbon at the top of the page.
In the “What files are you requesting?” section, type a descriptive name of the files you are requesting. The recipients will see this name when they get the request.
Click Next.
You can share the file request link in two ways:
Select Copy link and manually share this link with anyone you wish to request files from through your preferred channel (e.g., email or instant message).
Alternatively, enter the email addresses of the individuals you want to request files from in the “Or email people the link” field. You can add a personalized message that will be included in the email notification sent by OneDrive.
Select Done.
If you need to edit the descriptive name of your file request, simply go to the OneDrive folder where you created the request and select Request files. Modify the description and select Done to save the changes. The recipients will see the updated name when they upload files.
How to stop requesting files
If you no longer need to receive files from others, you can delete the file request link. Follow these steps:
Open OneDrive and navigate to the folder where you created the file request.
Click on the ellipsis (…) to access additional options.
Select Manage Access.
In the “Links Giving Access” section, click the ellipsis (…) beside the request link.
Click the X symbol next to the link, then confirm the deletion by selecting Delete link.
Note that deleting the link is irreversible. If you want to resume collecting files in the same folder, you will need to create a new file request. Send the recipients a fresh link or email invitation to initiate the file request process again.
By leveraging Microsoft’s file request feature, you can seamlessly collect files from both internal and external parties while maintaining the confidentiality and integrity of your library’s contents. Whether you need to gather client documents, collaborate with partners, or receive files from various stakeholders, this feature allows you to do it quickly and securely. Learn more ways to secure your RIA or financial advisory firm’s data — get in touch with RIA WorkSpace’s specialists today.
Maintaining the security of client data and financial information is paramount for any registered investment advisory (RIA) firm. As cybersecurity threats continue to loom large, RIAs and financial advisors like you must take the necessary measures to protect yourselves and your clients from potential risks. A comprehensive security policy is a critical element of this effort and one that should not be overlooked.
In the following sections, we will explore in greater detail the importance of creating and implementing a security policy for your RIA or financial advisory firm. We will delve into its role in protecting against internal and external threats and discuss its key components. We will also provide an overview of various general information security policy templates that can guide you in creating your own security policy.
What is a security policy?
Information security and cybersecurity are two closely related terms that encompass a variety of different measures taken to protect data, systems, and networks. Information security is a broader concept that involves the protection of all types of information, whether in digital or physical form, and includes measures to ensure the confidentiality, integrity, and availability of that information. Information security covers a wide range of areas beyond just technology, such as physical security, personnel security, risk management, and compliance.
On the other hand, cybersecurity specifically focuses on securing digital information and systems and protecting them against cyberthreats. This entails preventing unauthorized access, attacks, and damage to computer networks, devices, and electronic data. As such, cybersecurity comprises technologies, practices, and processes aimed at preventing, detecting, and responding to cyber incidents, including malicious activities such as hacking, malware, phishing, and data breaches.
With these definitions in mind, a security policy is essentially a set of written rules and procedures that guide an organization’s overall security practices. It is an overarching document that outlines the security goals, objectives, and measures of an organization and serves as a road map for managing both information security and cybersecurity.
Why is a security policy important?
The need to protect client data and financial information has become increasingly pressing in recent years, given the rising number of cyberattacks targeting businesses across all industries. A security policy serves as a critical line of defense in this landscape. It provides your RIA or financial advisory firm with the guidance and framework necessary to protect against malicious actors, defend against data breaches, and ensure compliance with applicable regulations.
For instance, research indicates that a significant percentage of cyber incidents stem from inadvertent actions by employees, such as falling victim to phishing attempts or improper handling of sensitive information. By implementing a comprehensive security policy and providing regular employee training on best practices, your RIA or financial advisory firm can minimize the likelihood of such incidents.
A security policy helps your RIA firm demonstrate to regulators that you have a systematic approach to information security and are taking proactive steps to protect client data. It serves as documented proof of your commitment to compliance, which can be crucial during regulatory audits or examinations.
How do you create a security policy?
Developing an effective security policy may initially appear daunting, but breaking it down into manageable steps can simplify the process. When crafting a security policy for your RIA, consider the following key questions:
Who does what, when, and why?
Clearly define the roles and responsibilities of your employees when it comes to protecting data and systems.
Outline expectations for day-to-day operations as well as specific policies and procedures to follow in the event of a security incident.
For example, you may specify that all employees should use complex passwords and multifactor authentication when accessing systems. You may also stipulate that any suspicious activity or attempted breaches must be reported to the IT department immediately.
Who gets access to what?
Establish a clear framework for user access and define which employees have permission to access specific resources.
Define the conditions under which access is granted or revoked, such as when an employee leaves or transfers to a new role.
Doing so will help you ensure that only authorized personnel are accessing sensitive data and prevent malicious actors from utilizing stolen login credentials. Likewise, regularly reviewing access will help you maintain proper data security throughout any changes in personnel.
What are the compliance requirements?
Consider the specific compliance standards and regulations that apply to your RIA or financial advisory firm, such as those set forth by the SEC and FINRA.
Outline these requirements in your security policy and ensure that all employees are aware of the industry-specific regulations and protocols they must adhere to.
Additionally, ensure that your security policy is regularly updated to reflect any new regulation changes or updates to industry standards. This will help you maintain an appropriate level of security and stay compliant with applicable laws and regulations.
What is the penalty for noncompliance?
Set forth the disciplinary measures that will be taken in the event of noncompliance with your security policies. This could include verbal or written warnings, suspensions, or even termination in the case of serious violations.
When you clearly outline the consequences of not complying with security protocols, it helps employees grasp the importance of following these measures. Not only does this ensure their understanding, but it also acts as a strong deterrent against any potential malicious activities. This also eliminates any ambiguity regarding the standards of conduct expected of your staff and advisors, thus reducing the likelihood of any missteps.
To streamline the process of developing a robust security policy, RIA WorkSpace offers a wide range of general information security policy templates specifically tailored to the needs of RIAs and financial advisors. The following templates cover essential aspects of security management, providing a solid foundation for implementing comprehensive security measures.
If you’d like a copy of these templates, please contact us.
Acceptable encryption policy
The purpose of this policy is to restrict encryption use to well-established algorithms that have undergone thorough public review and demonstrated their effectiveness. It also gives direction on complying with federal regulations and obtaining legal permission when disseminating and using encryption technologies outside the United States.
Acceptable use policy
This policy outlines the acceptable use of organizational resources and systems, including networks, equipment, computers, devices, and applications. It details the rules employees must follow when using company resources for personal activities as well as offers guidance on handling confidential material and any potential security concerns.
Clean desk policy
This policy sets standards for keeping workspaces free of sensitive or important information about employees, customers, vendors, and intellectual property. It requires that sensitive documents be locked away when not in use and provides guidelines for storing confidential materials securely. Not only is having a clean desk policy compliant with ISO 27001/17799, but it is also a basic measure for ensuring privacy.
Data breach response policy
This policy defines the goals and procedures for responding to data breaches. It clearly states who is in charge of executing the data breach response, and includes a definition of what constitutes a breach, staff roles and responsibilities, standards, metrics for prioritizing incidents, and reporting, remediation, and feedback mechanisms.
Disaster recovery plan policy
This policy establishes the organization’s approach to responding to disasters that could threaten business continuity. It outlines the roles, responsibilities, and procedures for restoring systems and data in the event of a disaster as well as definitions, protocols, and expectations for responding to such an emergency.
Digital signature acceptance policy
This policy provides guidance on when digital signatures can be used to validate the identity of a signer in electronic documents and communication in place of traditional signatures. It aims to avoid ambiguity regarding the trustworthiness of a digital signature due to the prevalence of electronic communications.
Email policy
This policy outlines expectations for using email systems, such as standards for acceptable content and language, company-wide guidelines on employee usage, and protocols for protecting confidential information sent via email.
End user encryption key protection policy
This policy sets forth the rules and procedures for protecting encryption keys used to encrypt and decrypt data on organizational systems. It covers topics such as key generation, storage, backup, archiving, and destruction, which are critical to ensuring the security and integrity of sensitive information.
Ethics policy
This policy defines standards of behavior expected from employees and any other individuals associated with the organization, such as contractors, vendors, and consultants. It outlines expectations regarding confidentiality, conflicts of interest, and acceptable behavior in the workplace and ensures that everyone is aware of the company’s commitment to ethical practices.
Pandemic response plan policy
This policy outlines protocols for responding to pandemics and other public health emergencies. It addresses personnel responsibilities, safety measures, communication strategies, and operational continuity plans. This is in addition to the regular disaster recovery plans that should be in place for a range of disaster scenarios.
Password construction guidelines
This policy provides best practices for creating strong passwords that are difficult to guess and crack. It sets minimum standards for password length and complexity as well as guidelines for password rotation, storage, and usage.
Security response plan policy
This policy defines the procedures for responding to security incidents, including breach detection, containment/remediation, and investigation. It also includes instructions on how to handle threats, such as malware and phishing attacks. Implementing this policy enables swift response to security incidents, effectively preventing them from escalating into major crises.
By establishing and adhering to these security policies, you can effectively manage the security of your RIA firm and create a safe and reliable environment for your employees, clients, and other stakeholders.
Secure collaboration is an essential part of financial advising, and it is imperative to ensure that your RIA firm’s sensitive data is properly shared and managed. With Microsoft SharePoint, you can provide employees, clients, and external partners with access to the files they need while keeping your firm’s information safe, all without relying on third-party apps like Dropbox and Laserfiche. SharePoint offers robust built-in functionality for secure document storage and file sharing, eliminating the need for additional tools.
Here are some steps for securely sharing files and folders in SharePoint.
Sharing files and folders in SharePoint
Are there specific files or folders in your SharePoint site that you’d like to share with someone who doesn’t have access to the site? There are two ways you can do this: by sending them an email invitation or by giving them a link to the file or folder.
By invitation
Sending an email invitation to individual users or groups lets you keep track of who has access to the files and remove permission for any user or group at any time. To share files and folders by email invitation, follow these steps:
Go to your SharePoint document library.
Pick the file or folder you want to share, then select the circle icon on the left side of the item (if you’re using List view) or in the top right corner (if you’re using Tiles view). If you’d like to share multiple items at the same time, simply add the files to a folder and then select the folder.
Click the Share icon located at the top of the page and a pop-up window will appear.
Open the link settings by clicking Anyone with the link can edit under Send link. Here you can select who you want to give access to: Anyone with the link, People in <Your Organization> with the link, People with existing access, or Specific people.
Under Other settings, you can customize the following options:
Allow editing lets users with a Microsoft account make changes to files or folders they have access to, such as copying, moving, editing, renaming, sharing, or deleting them. If you disable this option, people can view, copy, or download your items without signing in to an account and forward the link to others, but they cannot modify the file or folder in your SharePoint library.
Block download prevents others from downloading files or folders even if they have access to them.
Set expiration date lets you set an expiration date for the shared link, after which it will no longer be accessible. You will need to create a new link to share the file or folder again after that date.
Open in review mode only allows users to view the file or folder and leave comments or make suggestions but prevents them from making any changes.
After configuring the link settings, click Apply.
In the Name, group or email field, enter the email addresses or contact names of the people you want to share the file with. You can also add a message to include in the email.
Finally, click Send to send out the email invitation.
If you’d like to share items with many people without having to invite them one by one, you can use the Copy link function and send the link via email, message, or online post. Take note that you can set permissions as to whether people who have the link can view or edit the file or folder. However, they cannot upload new items. Keep in mind that users can forward the link to others, and they are not required to sign in to a Microsoft account to be able to access the file or folder.
To share files and folders by link, follow these steps:
Go to your SharePoint document library.
Select the circle icons of the files and folders that you want to share.
Click Share and a pop-up window will appear.
Open the link settings by clicking Anyone with the link can edit under Copy link. Then, select who you want to give access to: Anyone with the link, People in <Your Organization> with the link, People with existing access, or Specific people.
Under Other settings, check or uncheck the boxes to Allow editing, Block download, Set expiration date, Set password, and Open in review mode only.
After configuring the link settings, click Apply.
Under Copy link, select Copy, then paste the link into the email, message, or post you want to send.
SharePoint provides a convenient way for RIAs and financial advisors like you to collaborate with clients and external partners while maintaining complete control over your data. With features like individual invitations and public sharing via links, you can easily share documents, images, and other files with the right people. You can also set permissions for viewing or editing, add passwords, set expiration dates, and more to ensure added security.
Convenience reigns supreme in the digital age, and password autofill is a major part of that. But what many people don’t realize is that using this feature can actually put their personal data at risk. By understanding why password autofill is so dangerous, you can take steps to safeguard your sensitive information from malicious hackers.
The risks of password autofill
Password autofill is a convenient feature found in most browsers and password managers. This feature allows users to automatically fill out login credentials on websites and applications. While it may seem like a time-saver, it’s crucial to be cautious when utilizing this feature.
Hackers can easily gain access to saved passwords and personal information stored in autofill, leaving users vulnerable to identity theft and other forms of cyberattacks. All they have to do is place an invisible form on a compromised webpage. When your browser or password manager automatically fills in your login details, the hidden form captures them and passes them to the attacker.
Autofill also tracks users
Did you know that the password autofill feature could be used to track your online activity? Irresponsible digital marketers can exploit this tool to keep tabs on your behavior. Similar to how hackers do it, they place hidden autofill forms on their websites and use them to collect your information without your consent, which they then sell to advertisers. While some may claim they’re not after your passwords, there’s still a chance that your sensitive data could be compromised.
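The hidden-form technique described above can be checked for from the defender's side. The following is an added example, not code from the original article: a static audit that flags autofillable inputs that are styled out of sight. The sample markup, field names, and list of hiding rules are constructed for illustration, and the audit assumes hiding is done with inline styles or the hidden attribute (external CSS is not evaluated).

```python
import re
from html.parser import HTMLParser

VOID_TAGS = {"input", "br", "img", "meta", "link", "hr"}
SENSITIVE_TYPES = {"password", "email", "tel"}
AUTOFILL_HINTS = {"username", "email", "tel", "name", "cc-number",
                  "current-password", "new-password"}

# Inline-style patterns that take an element out of the user's view.
HIDING_RULES = [
    ("display:none", re.compile(r"display\s*:\s*none")),
    ("visibility:hidden", re.compile(r"visibility\s*:\s*hidden")),
    ("opacity:0", re.compile(r"opacity\s*:\s*0(\.0+)?\s*(;|$)")),
    ("off-screen position", re.compile(r"(left|top)\s*:\s*-\d{3,}")),
    ("zero size", re.compile(r"(?<![\w-])(width|height)\s*:\s*0(px)?\s*(;|$)")),
]


def hiding_reason(attrs):
    """Return why an element is invisible, or None if nothing hides it."""
    if "hidden" in attrs:
        return "hidden attribute"
    style = (attrs.get("style") or "").lower()
    for label, pattern in HIDING_RULES:
        if pattern.search(style):
            return label
    return None


class HiddenFieldAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, hiding reason) for each open element
        self.findings = []  # (field name, what it collects, why it is unseen)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        own = hiding_reason(attrs)
        inherited = next((r for _, r in reversed(self.stack) if r), None)
        if tag == "input":
            reason = own or (inherited and f"ancestor: {inherited}")
            self._check_input(attrs, reason)
        if tag not in VOID_TAGS:
            self.stack.append((tag, own))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def _check_input(self, attrs, reason):
        input_type = (attrs.get("type") or "text").lower()
        hint = (attrs.get("autocomplete") or "").lower()
        # type="hidden" inputs are skipped: the concern is ordinary
        # credential fields that are styled so the user never sees them.
        sensitive = input_type in SENSITIVE_TYPES or hint in AUTOFILL_HINTS
        if reason and sensitive:
            self.findings.append((attrs.get("name"), hint or input_type, reason))


def audit_hidden_autofill_fields(html):
    parser = HiddenFieldAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: one visible login form, one form pushed off-screen,
# one transparent phone field, and an ordinary hidden token field.
SAMPLE_PAGE = """
<form action="/login">
  <input type="text" name="user" autocomplete="username">
  <input type="password" name="pass" autocomplete="current-password">
</form>
<div style="position:absolute; left:-9999px">
  <form>
    <input type="email" name="e">
    <input type="password" name="p">
  </form>
</div>
<input type="tel" name="t" style="opacity:0">
<input type="hidden" name="csrf" value="x">
"""

if __name__ == "__main__":
    for name, collects, reason in audit_hidden_autofill_fields(SAMPLE_PAGE):
        print(f"{name}: collects {collects}, hidden by {reason}")
```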
How to protect yourself
When it comes to keeping your online accounts secure, you might want to turn off password autofill. This quick solution can help protect your personal information from prying eyes.
Here’s how you can disable this feature on different browsers:
Microsoft Edge: Go to Settings and click Profiles. From here, select Passwords and disable Offer to save passwords.
Google Chrome: Head to the Settings window and select Autofill. Disable Offer to save passwords and Auto Sign-in.
Firefox: Click Passwords from the browser’s menu. Click Options from the logins menu, which will lead you to the “Privacy & Security” panel. Under the “Logins and Passwords” section, uncheck Autofill logins and passwords.
Safari: Open Preferences and select the “Auto-fill” tab to turn off any autofill options related to usernames and passwords.
Being proactive and implementing more robust security strategies helps protect your personal data from malicious actors. Reach out to our cybersecurity experts for more information on staying safe online.
With cybercrime on the rise, it’s more important than ever to use a web browser that is packed with features to keep your business’s data safe. In this article, we will discuss four of the most secure browsers available and how they can help protect your business.
Brave
Brave has been gaining traction in recent years. It enables users to browse the web safely and efficiently, using faster boot times and improved security features. It also includes integrated support for popular services like YouTube, Netflix, and Twitch, making it easier than ever to access content without having to worry about malicious ads or popups. Additionally, Brave boasts a series of custom privacy settings to ensure that all user data is secure and online transactions remain private.
Epic
What sets Epic browser apart from other browsers is its commitment to user security and privacy. Unlike some other browsers that offer no more than basic encryption protocols and cookie deletion features, Epic uses end-to-end encryption and blocks almost all trackers for total privacy. In addition, to protect users’ personal information, Epic does not allow advertising cookies or store any data about browsing history. And by utilizing a trusted virtual private network (VPN) and Epic’s advanced features, you can protect your online identity from those pesky IP-leaking calls.
Mozilla Firefox
Mozilla Firefox is one of the most secure browser options available today, thanks to its strong security features and constant updates. Firefox has both a standard sandbox approach, which limits the amount of direct access any website or software can gain, and an advanced sandbox for more sensitive information. As a result, malicious sites are blocked before they can affect users’ systems. Furthermore, Firefox regularly runs automatic background updates to ensure that users have the latest security patches applied quickly. All of these factors work together to make Firefox one of the safest browser options available.
In addition, Firefox offers various security options to keep you protected. With anti-fingerprinting, improved tracking protection, data breach notifications, and 256-bit encryption, you can configure your level of protection to ensure maximum safety.
Tor Browser
Tor Browser was developed with the revolutionary onion routing technique. This technology allows Tor to shield you from browser fingerprinting and keep your identity hidden. This can be incredibly useful for situations such as accessing government documents or visiting restricted websites.
Tor also has built-in features that allow users to customize their browsing experience even further, such as disabling JavaScript and other tracking technology used by sites. Tor is so secure that it’s the only browser that can access the dark web. It’s no wonder that computer expert and intelligence consultant Edward Snowden gives it his seal of approval.
If you need assistance in finding the right browser for your business, contact us today. Our tech and security experts will help you find the best web browser and security solution that fit your needs.
Joe was preparing to make a big purchase as a surprise for his wife, so he first checked their bank account balance on their bank’s website. Joe typed in the bank name on his search engine and clicked the first search result that came up. The search result included the bank’s name and stated it was the official login page.
As the page loaded, Joe noticed that the URL was different than normal and that the lock symbol was missing from the address bar. Before Joe could exit the website, it loaded, and his fears were confirmed.
A red pop-up appeared stating, “Your device has been infected with Malware.” Joe panicked and clicked out of the website. At first, he was terrified, thinking of all the damage he could have caused. But then, he started thinking of his cybersecurity training. Joe scanned his computer for malware and once it was clean, he changed his bank password and all other passwords that could have been compromised.
Did you spot the red flags?
Joe didn’t check the URL before clicking on the website. He only checked the name, which can be modified to mimic real websites.
Instead of scrolling down past the ads, Joe clicked on the first search result that popped up.
Joe could have typed in the bank website directly, but he entered the name into the search engine instead.
What you should know about this scam
Type in website addresses directly, and bookmark the websites you visit often in your browser to avoid search engine ads.
Avoid ads at the top of search results. Cybercriminals can pay to have their websites posted as ads. Consider using an ad blocker.
Avoid searching for websites on your phone as it is harder to tell if they are secure and easier to accidentally click on an unknown link. If you do click on a malicious link, alert your IT department or someone at your organization.
It was a typical day at the office. Connor was checking his inbox when he saw an email from Sarah from HR titled, “Important Dress Code Updates”. He was intrigued. Did something happen with the current dress code? What were the changes going to be?
Connor opened the message. It said he must sign a document to show he has read the new policy. There was a link in the message to the new policy and a document to sign. When he clicked the link, he was brought to a website that asked him to make an account. Connor figured it must be a new website HR was using. He entered his phone number, birth date, and other details to sign up.
Once the information was submitted, the screen didn’t show the new dress code policy. Frustrated, Connor went over to Sarah’s office to ask her about it in person. After talking to Sarah, Connor was shocked to find out she knew nothing about the email.
Did you spot the red flags?
Connor didn’t check the sender’s email address. He saw it was “Sarah from HR” and didn’t look closer.
Instead of checking with someone first about the new website, Connor entered all of his personal information.
Connor let his emotions get the best of him. Cybercriminals often push us to act with “important” messages about topics we expect to see from work.
What you should know about this scam
Always examine the sender’s email address closely, even if the name looks familiar. Walk through the SLAM method (sender, links, attachments, message) before acting.
Scammers will create a sense of urgency and call a user to action. Common examples ask a user to sign a document, view an update, or complete an urgent work-related task.
2022 saw an increase in work-related scam emails. Before clicking any links or attachments, check with the person directly to make sure the message is from them. Even if the message appears to be from a website your company uses, it is best to check before clicking any links or entering any information.
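The sender, links, and message checks from the SLAM method above can be partly automated. The following is an added example, not part of the original article: it compares the sender's display name with the real address, checks where links point, and looks for pressure wording in the subject. The domain firm.example, both sample messages, and the keyword lists are constructed assumptions, and the body is assumed to be single-part plain text.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "firm.example"  # assumption: the recipient organisation's domain

# Display names that claim an internal role (illustrative list).
INTERNAL_ROLE = re.compile(r"\b(hr|human resources|payroll|helpdesk|it support)\b", re.I)
# Wording that pushes the reader to act quickly (illustrative list).
URGENCY = re.compile(r"\b(important|urgent|immediately|action required)\b", re.I)
LINK = re.compile(r"https?://[^\s<>\"')]+", re.I)


def is_org_host(host, org=ORG_DOMAIN):
    """True for the organisation's domain and its subdomains only."""
    host = (host or "").lower()
    return host == org or host.endswith("." + org)


def slam_flags(raw_message, org=ORG_DOMAIN):
    """Return the sender, link and message red flags found in one email."""
    msg = message_from_string(raw_message)
    flags = []

    # Sender: the display name is free text, so compare it with the address.
    display, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    if INTERNAL_ROLE.search(display) and not is_org_host(sender_domain, org):
        flags.append(f"sender: '{display}' writes from external domain {sender_domain}")

    # A Reply-To on another domain silently redirects the answer.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != sender_domain:
        flags.append(f"sender: replies go to {reply_to}")

    # Links: an internal policy should not live on an outside host.
    for url in LINK.findall(msg.get_payload()):
        host = urlparse(url).hostname
        if not is_org_host(host, org):
            flags.append(f"link: {host} is outside {org}")

    # Message: urgency in the subject line.
    if URGENCY.search(msg.get("Subject", "")):
        flags.append("message: subject pressures the reader to act")
    return flags


# Constructed sample modelled on the story above.
SUSPICIOUS = """\
From: Sarah from HR <sarah.hr@firm-hr.example>
To: connor@firm.example
Subject: Important Dress Code Updates

Please read the new policy and sign the document here:
https://signup.firm-hr.example/dress-code
"""

# Constructed sample of a genuine internal notice.
GENUINE = """\
From: "Sarah (HR)" <sarah@firm.example>
To: connor@firm.example
Subject: Dress code policy posted

The updated policy is on the intranet:
https://intranet.firm.example/policies
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("genuine", GENUINE)):
        print(label, slam_flags(raw))
```

A clean result only means none of these three checks fired; attachments and the message content itself still need a human look.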