Phishing Emails and Cyber Security Tips

Brokers, watch out for this phishing email and other cyber security tips

There is a new scam in town, and it’s targeted towards companies and their websites. We’ve been getting more and more reports of this phishing email making its rounds to various staff members across multiple brokerages who use a variety of website platforms and web companies.


Here’s the email, we’ve seen this and several variants of it:

Hi,

This is Melanie and I am a licensed illustrator.

I was discouraged, frankly speaking, when I came across my images at your website. If you use a copyrighted image without my permission, you need to be aware that you could be sued by the copyrigh owner.

It’s illegal to use stolen images and it’s so disgusting!

Check out this document with the links to my images you used at xxxxxxxxxx.ca and my earlier publications to get evidence of my legal copyrights.

Download it now and check this out for yourself:

download-file.xls

If you don’t delete the images mentioned in the document above within the next several days, I’ll write a complaint on you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.

And if it doesn’t work, you may be pretty damn sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.


Here’s what you need to do if you’ve received this email:

  • Do not click it or open it. Forward it to your IT team or simply delete it.
  • If your website is created by Trufla, we only use stock images, and all copyrights have been paid for.

Why is this happening now?

Since remote work has become more prevalent over the last couple of months, we’ve seen an uptick in phishing emails in all its forms being sent out to customers, staff, friends and acquaintances. Why? Because frankly, it’s easier to scam people when they’re not working within the secure network and firewalls of their office.

How to tell it’s a phishing email:

  1. Check the spelling – One obvious giveaway is bad spelling. Pay attention, if you see a lot of spelling errors, delete or send to IT to examine.
  2. Hover before you click – Phishers often try to conceal URLs leading to malware this way, so a good rule of thumb is to always hover over hyperlinks in emails before you click them. This will reveal the true destination of the URL, no matter what the linked text says.
  3. Be suspicious of generic greetings – Any messages addressed generically, especially ones regarding financial transactions, are suspicious.
  4. Be wary of attachments – In all circumstances: unexpected attachments should not be opened. The risk is simply not worth it.
  5. Don’t be intimidated –Phishing email attempts will often seek an emotional response from the recipient using inflammatory or threatening language. Other examples include emails claiming to be from a bank or even a law enforcement agency threatening account closure or arrest if immediate action is not taken.

How to educate your staff on Cyber Security

Now more than ever, it’s crucial to keep your staff informed on cyber security best practices. Here’s our top 5 tips on how to reduce your chance of employee cyber security incidents

  1. Create a Cyber Security work from home (WFH) policy. Don’t know where to start? Download ours for free here.
  2. Send bulletins out to your staff whenever a phishing email has been reported, chances are more people on your team are receiving them
  3. Send out monthly or biweekly newsletters on Cyber Security tips and best practices
  4. Have a cyber or privacy breach plan in place. How to report it, who needs to know, etc.
  5. Top-down communications: Get your leadership team involved. Organize huddles to discuss examples of malware or to go over best practices.