Weaver Earns CISSP Designation

Warfel Construction Company is pleased to announce that Senior Director of IT Phil Weaver has earned the Certified Information Systems Security Professional (CISSP) designation. The CISSP certification is one of the most globally recognized standards of achievement in the IT security field. The CISSP exam is administered by (ISC)2, and passing it requires extensive knowledge of the cybersecurity field, at least five years of experience in the IT industry, and several months of intensive study.

A graduate of Elizabethtown College, Weaver joined Warfel in February 2015. As Senior Director of IT, Weaver’s responsibilities include overseeing the design and implementation of Warfel’s IT equipment and network infrastructure, maintaining the company’s information security, and managing the IT needs of all the organization’s employees across the Mid-Atlantic region.

Weaver lives in Marietta, PA with his wife and children.

Phishing: Don’t Get Hooked

You may have had an encounter with a phishing (pronounced “fishing”) scam, or have heard the term. Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping their sensitive data secure. Much as the name suggests, cybercriminals use legitimate-looking emails, websites, social media messages, or texts as “bait” to trick users into conveying valuable personal information. Businesses, of course, are a particularly worthwhile target.

WCC IT Security Training

The most common phishing attack is an email message that contains a malicious link and/or attachment. The whole premise of a phishing scam is to convince you to click on the link or open the attachment contained in the message. When you do this, the link or attachment downloads a virus or takes you to a malicious website that often looks like a trustworthy company’s website.

If the phishing email contains a link to a fake website, users are then tricked into entering login credentials, credit card information, account information, and other sensitive information that the cybercriminal then uses to take your money, steal your identity, or impersonate you.

Furthermore, if the phishing attack has a malicious attachment, by opening it you can infect your computer with malicious software. This malicious software can do several undesirable things, such as record your keystrokes, install a virus or other destructive software, or even provide an intruder with remote access to your computer.

Many people think it’s a cinch to avoid getting reeled in by a phishing scam. After all, all you need to do is avoid clicking on a link in an email or text message. How easy is that? Unfortunately, some cybercriminals are extremely good at what they do. Many phishing emails include convincing brand logos, language, and a seemingly valid email address that can fool even the most experienced users.

Here is a list of a few tactics to help you avoid getting hooked by a phishing attack:

  1. Be Skeptical – Never click an unexpected link or download an unfamiliar attachment, even if it’s from someone you know. Be especially distrustful of any message that requests personal information, even if the sender appears to already have some of your personal information.
  2. Don’t Trust the Display Name – A favorite phishing tactic among cybercriminals is to spoof (fake) the display name in the “from” field of an email. This is very easy to do, which makes it even more important to pay close attention to the email address of the sender.
  3. Inspect the Sender’s Email Address – Cybercriminals sometimes buy domains that are very similar to a real company’s domain name, so email messages appear to be coming from a trustworthy company. The domain name is the name following the @ symbol in an email address, and it should match the company’s website. For example, an email from joesmith@abccompany.com should be coming from the ABC Company, which can be found on the internet at www.abccompany.com. If the sender’s email address domain name doesn’t match the company’s domain name exactly, don’t open it.
  4. Look but Don’t Click on Links – Cybercriminals love to implant malicious links in legitimate-looking messages. You can hover your mouse over any link, without clicking, to see where it would take you. If the link address looks suspicious, don’t click on it.
  5. Analyze the Message – Is the email addressed to a vague “Valued Customer”? If so, watch out; legitimate businesses will often use a personal salutation with your first and last name. Also, many phishing emails are riddled with bad grammar and spelling. No legitimate company would allow this, and it is a sure-fire way to identify a fake email.

It is important to note that following these 5 simple tactics will help to mitigate the risk of getting hooked by a phishing scam, but it is also important to follow other email security best practices. These include protecting your systems with a firewall, spam filter, anti-virus and anti-spyware software, and always installing security updates for both your operating system and other software.