
13 Phishing Red Flags Employees Must Know As Scams Abound

By Mary Beth Hamilton | Thursday, May 5th, 2016

The importance of employee security awareness cannot be overstated. We hear and read stories too often about employees being victims of social engineering schemes. From downloading a malicious virus to falling for a wire transfer scam, these occurrences not only have financial implications for an investment firm but can also impact an employee personally and directly.

Most employees who fall prey to social engineering tactics never intend to hurt a company. In cases of wire transfer scams, for example, often an employee doesn’t follow the appropriate checks and balances at the firm or is being too "responsive" in order to impress a colleague or boss. When it comes to wire transfers, employees should always pick up the phone to verify the request.

Each week we learn of new phishing scams and targeted inbound emails (example: subject line: debt fax from <your domain here>) that have the ability to impact a hedge fund if opened by an employee.

Pop Quiz: Phishing Email Example

Following is an example of the type of phishing or imposter emails that enter employees’ inboxes. Would your employees catch at least one of the items that make this email suspicious? Note the sender email address, which includes Eze Castle Integration’s domain, the balance due amount and the type of company (medical) sending the invoice. You may (and hopefully do) have advanced email security mechanisms in place, but you still have to train your employees because scams are only going to get more sophisticated (think Eze Phishing & Training Service!).

Phishing Email Example Targeting Hedge Funds

Security Awareness Tips for Your Hedge Fund Employees

Phishing attempts can occur via email, phone, instant message, SMS or social media. Here’s what to look out for:

  • Check the sender email address as well as “to” and “cc” fields

  • Is it personalized? Be wary of generic greetings

  • Improper spelling and grammar can be giveaways as well

  • An overwhelming sense of urgency requesting personal information

  • Links! Only click on those that you are expecting (same goes for attachments)

  • Suspicious emails from trusted sources can happen. If your friend/colleague sends a strange message, their account may have been attacked.

Be aware that landing on the wrong website can expose a firm to risks, so be on the lookout for these signs that could signal it is a malicious site:

  • Check for the presence of an address, phone number and/or email contact

  • Check the web address for misspellings, extra words, characters or numbers that seem off or suspicious

  • Roll your mouse pointer over a link to reveal its true destination, displayed in the bottom left corner of your browser

  • If there is NO padlock in the browser window or ‘https://’ at the beginning of the web address to signify that it is using a secure link, do not enter personal information on the site

  • Be wary of websites that request lots of personal information

  • Avoid ‘pharming’ by checking the address in your browser's address bar after you arrive at a website to make sure it matches the address you typed

  • Be wary of websites that are advertised in unsolicited emails from strangers
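The link checks above (misspelled or padded web addresses, a missing https://, and a link whose visible text differs from its true destination) can also be run automatically over an HTML email body. The following is an added example, not part of the original post; the trusted domain acmefund.example, the 0.85 similarity threshold and all function names are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"acmefund.example"}  # assumption: domains the firm really uses

class _Anchors(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def link_flags(html_body, trusted=TRUSTED):
    """Return (href, flag) pairs for links that deserve a second look."""
    parser = _Anchors()
    parser.feed(html_body)
    flags = []
    for href, text in parser.links:
        scheme, host = urlsplit(href).scheme, _host(href)
        if scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar are out of scope here
        if scheme != "https":
            flags.append((href, "not-https"))
        # Visible text that looks like an address but differs from the real target
        if "." in text and " " not in text and _host(text) != host:
            flags.append((href, "text-destination-mismatch"))
        for good in trusted:
            if host == good or host.endswith("." + good):
                continue  # the trusted domain itself or one of its subdomains
            if good.split(".")[0] in host or SequenceMatcher(None, host, good).ratio() >= 0.85:
                flags.append((href, "lookalike-of-" + good))
    return flags

# Constructed sample body, not taken from a real message
SAMPLE = """<a href="http://acrnefund.example/pay">https://acmefund.example/pay</a>
<a href="https://acmefund.example.invoice-portal.test/login">View invoice</a>
<a href="https://portal.acmefund.example/docs">Documents</a>"""
```

A flag is a prompt for a human to verify the link, not a verdict: a clean result does not make a message safe, and the lookalike check only knows the domains listed in TRUSTED.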

Simulated phishing attacks, such as those provided with our Eze Managed Phishing and Training Service, expose employees to safe "real-world" phish attacks and actively change an employee's cyber behavior. Learn more HERE.
