Cyber Security Tips
"Phishing" is the most common type of cyber-attack that affects organizations like ours. Phishing attacks can take many forms, but they all share a common goal: getting you to share sensitive information such as login credentials, credit card information, or bank account details. We’ve outlined a few different types of phishing attacks to watch out for:
- Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. You may receive an email asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
- Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to "Parkinson's Resource Organization" or "PRO" in the email to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
- Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. Sent from a fake domain that appears similar to ours, these messages look like normal emails from a high-level official in your community and ask you for sensitive information (including usernames and passwords).
- Shared Document Phishing: You may receive an email that appears to come from a file-sharing site like Google Drive (Docs and Sheets) or Dropbox, alerting you that a document has been shared with you. The link provided in these emails will take you to a fake login page that mimics the real login page and will steal your account credentials.
Follow these email best practices to reduce the likelihood of infecting our systems.
- ONLY click links and open attachments from senders you recognize. Be especially wary of .exe and .msi files as well as .zip, .7z, or any other compressed or executable file types.
- DO NOT email sensitive personal information (like usernames and passwords).
- Watch for email senders that use suspicious or misleading domain names.
- Inspect URLs carefully to make sure they’re legitimate and not imposter sites.
- DO NOT try to open unexpected shared documents.
- Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
- When you cannot determine whether an email is legitimate or not, stop and contact the sender via phone to verify.