← Return to Blog

19 Sep, 2024

Information Security Brief - September 2024

Login Here Login There; Login Everywhere

Whether you’re at work, at home, or traveling, websites and applications constantly request your credentials. In today’s digital world, your credentials are the key to accessing your bank software, email, insurance, streaming services, and much more. Malicious actors are eager to get that key, using various tactics to trick you and your customers into providing credentials to what appears to be a trusted site.

BankOnIT will never ask you to send us your credentials via email or phone.

Here are some tips to help you assess the legitimacy of a site before logging in:

Be Skeptical of Unsolicited Links

One of the most common ways hackers steal credentials is by sending unsolicited “protected emails” that encourage you to click on a link, which leads to a fake website designed to mimic the real one. Even if the email seems to come from someone you know, be cautious, as their account may have been compromised.

Check the Website Carefully

Always compare the website URL with the real website. If you receive a link via email or text, avoid clicking it directly. Instead, manually navigate to the trusted website. Malicious actors often use website URLs that closely resemble legitimate ones. Examples include: Paypall.com, A.mazon.com, or account.microsf.com. Even a single letter can make a big difference.

Multi-Factor Authentication and Password Sharing

Where possible, always enable multi-factor authentication (MFA). We have previously written about the importance of MFA and the positive impact it has on malicious actors (July 2023 BankOnIT ITSB). In addition, avoid using the same or similar passwords for your accounts. This will significantly lessen the impact if one of your accounts was to be compromised.

The best defense against these types of attacks is your intuition. If something feels off, trust your instincts. Take an extra moment to think before entering your credentials.

← Return to Blog

Disclaimer

This publication attempts to provide timely and accurate information concerning the subjects discussed. It is furnished with the understanding that it does not provide legal or other professional services. If legal or other expert assistance is required, the services of a qualified professional should be obtained.

Related Posts

Information Security Brief - August 2024

After the CrowdStrike Incident, Watch for Fraud Attempts Businesses worldwide utilizing CrowdStrike cyber security softw...

Read more

CEO Update - Q3 2024

Nearly half of all MRAs issued are for operational risk, driven by technology risks1. In its most recent semi-annual ris...

Read more

Information Security Brief - June 2024

Vacation Mode: Tips for you and your customers Whether you're headed to the beach or mountains, traveling by car or plan...

Read more