SHARING A LETTER TO THE PRO TEAM FOR YOUR EDIFICATION
Dear PRO Team,
To further enhance our cyber defenses, we want to highlight a common cyber-attack that everyone should be aware of: phishing.
“Phishing” is the most common type of cyber-attack that affects organizations or individuals. Phishing attacks can take many forms, but they all share a common goal—getting you to share sensitive information such as login credentials, credit card information, or bank account details. Although we maintain controls to help protect our networks and computers from cyber threats, we rely on you to be our first line of defense. We’ve outlined a few different types of phishing attacks to watch out for.
- Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. You may receive an email asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
- Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to “Parkinson’s Resource Organization” or “PRO” in the email to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
- Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. Sent from a fake domain that appears similar to ours, these messages look like normal emails from a high-level official of the company, typically the CEO or CFO, and ask you for sensitive information (including usernames and passwords).
- Shared Document Phishing: You may receive an email that appears to come from a file-sharing site like Google Drive (Docs and Sheets) or Dropbox, alerting you that a document has been shared with you. The link provided in these emails will take you to a fake login page that mimics the real login page and will steal your account credentials.
It’s your responsibility to follow these email best practices to reduce the likelihood of infecting our systems:
- Only click links and attachments from senders you recognize. Be especially wary of .exe and .MSI files as well as .zip, .7z, or any other compressed or executable file types.
- Do not email sensitive personal information—like usernames and passwords—or constituent information.
- Watch for email senders that use suspicious or misleading domain names.
- Inspect URLs carefully to make sure they’re legitimate and not imposter sites.
- Do not try to open unexpected shared documents.
- Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
- When you cannot determine whether an email is legitimate or not, stop and immediately inform a senior staff member to help assess the risk of interacting with it any further.
Thank you for keeping our network, and our team, safe from these cyber threats.