Tech Tip #136: 5 Things to NEVER Send Via Email

The 5 Most Dangerous Pieces Of Information To Give In An Email

In the book Spam Nation, investigative journalist and cybersecurity expert Brian Krebs revealed the single most effective (and relied upon) way cybercrime rings gain access to your bank account, credit cards and identity.

Ready for it? Email.

Whether it’s opening an attachment infected by a virus, or a phishing scam where you unknowingly give up your login to a critical web site, email still remains the most popular and reliable way digital thieves can rob you blind, steal your identity and wreak havoc on your network. Worst of all? You’re INVITING them in! While there are a number of things you need to do to protect yourself, here are five pieces of information you (and your team) should NEVER put in an email.

1. Your social security number.
   Think of this as your “bank account” number with the government. You should never email this to anyone because it can be used to open credit cards and steal your identity.
2. Banking information.
   Your bank account numbers, routing number, and online banking login credentials should never be emailed. Further, avoid sending a voided, blank check as an attachment to an email.
3. Your credit and/or debit card information.
   NEVER update a credit card via an email! If you need to update a card with a vendor, there are two safe ways to do this.

   The first is to log in to your vendor’s secured site by going to the URL and logging in. Do NOT click on a link in an email to go to any web site to update your account password or credit card! Hackers are masters at creating VERY legit-looking emails designed to fool you into logging in to their spoof site, which LOOKS very similar to a trusted web site, to enter your username, password, and other financial details, thereby gaining access.

   Another way to update your account is to simply CALL the vendor direct.

4. Login credentials and passwords.
   You should never share your passwords or answers to security questions with anyone for any site, period.
5. Financial documents.
   An ATTACHMENT that includes any of the above is just as dangerous to email as typing it in. Never email any type of financial documents (or scans of documents) to your CPA, financial advisor, bank, etc.

Remember: Banks, credit card companies and the government will NEVER ask you to click a link to provide them with any of the five items above. If you get an email requesting you to update any of the above information, there’s a good chance it’s a phishing email from a hacker. Don't be fooled!

So, I Clicked on a Suspicious Link – What Now?

If you are a CTTS Managed Services Client, give us a call right away, we'll take care of everything for you! If not, your company should have a policy in place, follow the guidelines prescribed there. Otherwise, keep the following four steps in mind:

1. Disconnect.
   Immediately terminate your internet session by unplugging the ethernet cable, turning off the router, or disconnecting from the WiFi.
2. Back That Thing Up.
   You'll want to back up your files to a DVD, thumb drive, or an external hard drive. Data and files can be easily destroyed in the event of a successful phishing attack. You should be doing this chore as regular maintenance, because in the event of a cyber-attack, you may not have the option to do a last-minute backup! At CTTS, we have some cool tools that take care of this for you, scheduled at your convenience, hourly, daily, whatever you need.
3. Change Your Password.
   It's always a good practice to change your account passwords every 90 days. After a phishing attack, it's crucial to change your email account password.
4. Full System Scan.
   Run your antivirus/anti-malware software. It's also a good idea to get a Dark Web Scan to be sure your company credentials and other passwords are not leaked as well.

If this is a work computer, it would also not be a bad idea to turn off your machine to help prevent the spread of any infection into the network.