As part of his webcast series, our own Jonathan Garber continues to interview leaders in the community who share tips and strategies to help us all thrive during the coronavirus shutdown. Today, Jonathan is joined by David Bennett of Connections for Business, South Florida’s premier business IT support company. They discuss the emergence of COVID-19 scam and phishing attack emails, what to look for and how to avoid them.
If you’re a leader and want to share your knowledge with the market, email Jonathan at [email protected]
Hi everybody, Jon Garber from Flying Chimp Media, and I’m back with a question. Have you gotten a suspicious email since the COVID shutdown? Well, there are at least three easy things you need to know to protect yourself and your business, and you’re going to find out about them now. Joining me on conference is my dear friend David Bennett from Connections for Business. Good morning, David. Good morning, Jon. Thanks for having me. Thanks so much for taking the time to meet with me, David. You are representing the oldest technology company in Florida, as I recall, and so you have a lot of experience in IT, from the mainframe days up to the cloud. You’re saying I’m old. Yes. Well, you weren’t doing a lot of mainframe work yourself back then, but you know, you do have the distinction day. But if I had an award, I would give it to you, I think. Maybe the last remaining male in the United States who will read a product manual. So that’s very true. Unfortunately, that’s very true. That’s light reading for you, is the actual product manual. So terrific, David. Obviously people working remotely, that’s always been huge, people working out of the cloud, people video conferencing, but you know, you and I have seen in South Florida a lot of hurricanes, a lot of other disasters, and we’ve talked in the past. It brings out the best in people and it brings out the worst in people, and I love seeing the best. But sometimes I see the worst, and I see it in my inbox. What should people look for? Do you have some clear tips people should look for to not click on something and suspect that it is scam phishing attack malware? Yep. It’s a good question. And Jon, you’re right. It seems like whenever there is a crisis or a problem going on, the vultures come out and try to play on people’s fears to get them to click. So, it’s not the vultures are not always out. They are, it’s just they change their tune. They change their messaging to be in line with what’s going on. 
So, for example, if eBay had just had a compromise problem and it was all over the major media saying that usernames and passwords were compromised on eBay, the vultures would come out and send you email saying, due to the recent eBay hack, we’d like you to click here to change your password. Well, that’s a move where they are in tune with what’s going on in the news, and really all they’re doing is trying to get you, but you fall for it. You know it’s true from the news, and so you do something. So, a couple of tips for you, and this is true all the time, not just now during this particular COVID-19 crisis, it’s all the time. And the first and foremost, this is all you do. In fact, I’m going to pause for a minute. I want everyone to go get a magic marker. We’ll grab that magic marker or pen. And I want you to write this down on your hand. Look before you click. Write it down. Look before you click. If you think it’s silly, actually write it on your hand. And here’s the reason why: I want this to become a new habit and won’t away. Thank you. Jon’s going to write on his ever-ready journal, look before you click, and maybe we’ll even get some time and I’ll show you what I mean by that. But the key is when you receive something, it’s got a URL in that, so here’s that mystical masters from eBay. Let’s say, well, hover your mouse over, if you’re on a computer, hover your mouse over that URL and it will pop up and will show you the URL that you’re going to go to if you click on it. Look closely. If you see I’m a Russian who wants to hack you and steal all your money dot com, well, you know, that’s not eBay. Don’t click on that. That would be a bad thing. If you get an email purporting to be from Bank of America for you to go ahead and check on your recent distribution from the government for the aid for this COVID-19. That’s a common one. 
Right, a business owner may get something for PPP, or you as an individual may get something about your distribution for you and your family, and they just change these emails with your particular banking information. Take a look at it. If it’s coming from Bank of America, but when you click on it doesn’t actually show Bank of America the URL, but it’s just somewhere in Russia or somewhere in Iran or somewhere in China, that’s not a legitimate email. So, look before you click. That is the number one thing to do. Here’s the second thing. If somebody’s sending you a document, my dear friend Jonathan sends me a document, if I wasn’t expecting a document from Jonathan, I’m actually not going to open it, even though I know who Jonathan is. Jonathan and I have known each other almost 20 years together. Doesn’t matter. Jonathan had sent me a text and said there’s a really funny document, but I don’t get Ellie can only send it to you the Word document. So, keep your eyes open for it, but I’m cool with that. He sent me a message. But if he just blindly sent me a Word document, I’m not opening it. I’m just not going to do it. I have to know that I’m expecting to receive a document. Otherwise, I’m not going to open it. Now you might say that’s paranoia. But yeah, my job is keeping your data safe. And so, look before you click is number one. Number two, don’t open documents that you’re not expecting from somebody. And the third goes along with it: don’t open documents at all if you don’t know the person. I don’t care who they are. This past week I got several examples of requests for DocuSign. Now, I was in the process of filing for a PPP, and so the bank was sending me different documents for DocuSign. I had four or five different ones that were all scams, along with two that were legitimate from my bank. Hard to tell the difference because documents look the same. 
Listen, we can laugh at the old, at the grammar stuff, and that’s kind of old news, and sure, you know, spam stands out if it’s got bad grammar, you know it’s spam, throw it away. But the old days of the Nigerian prince offering us to 5000 to transfer 15 million dollars except for yeah, those are pretty much gone, and most of the stuff is really crafted and looks legitimate. And so, the only real way to know is to look before you click. Listen, one more cool. I’ll give you is if you’re on a phone or a tablet, we might say, well, there’s no mouse. How do I do that if I’m on my phone or my tablet? What you do is you touch the link. You don’t touch it, let it go. You touch and hold it. And when you touch and hold that link on your screen, it will pop up that same little window and show you the URL that you’re going to look at it before you actually click on it. Go somewhere now. Listen, if you still aren’t sure, just delete it. That’s it. Just delete it. If you’re not sure, just delete it. If you have somebody, an IT person, ask them for advice, but if you’re not sure, I tell my dad, if you can’t ask me then just delete it, because guess what, there’s nothing that’s so critical you’re going to miss out on, because if it was at the bank needed some information from you, they send you a follow-up email. That you use it’s not hard to send something from a bank because there are maybe three major banks out there that are, you know, Bank of America, Wells Fargo, a couple of, so if they send that to everybody the odds are in their favor you use by themselves, right? I got dark and dry Netflix. We’re suspending your it. You got to click your input in new payment. I go, wait a minute. Now, I’ve been around. I look at the return address and I go, you know, Bob Lipsitz Male serve blah blah blah dot t– e dot r u dot C ta whatever China’s, right? I go, wait a minute. 
Almost all of these services, including your bank, including your Netflix, if you open up a browser and you log in knowing that you went to the URL, if they have a message waiting for you, it will be there. Right, all of these services, banks and stuff. We’ll have you have an alert, a new message. So if you think you have got an alert from the bank or Netflix or your services, forget about that email. Go log into a clean browser, log in yourself, and if there’s a message there, odds are there’s not. The IRS will not be sending you emails. That’s right. Banks aren’t going to ask you to just send you an email and say to put in a social security number. They’re just not doing that. And tell you what, Jon, why don’t we take the minute or two that we have left and, well, I turn around and ask you to walk us through. Let’s see how well you do. We’ll put you on the hot seat. Let me go ahead, and I’ve got actually a sample. I laugh at some of these. I get a number of different emails all the time. So, here’s one. This one concerns me. I got it from Microsoft, and you see this here. So it says to me that my account has suspicious activity, that someone has been trying to hack into my account. So, looking at this email, Jon, what would you do with this email? What would you say to see who it’s from and see what they’re asking for? Okay, so well, okay. So, here’s the email and so it’s clear. It’s from Microsoft. It tells us here. It’s from Microsoft, and now I know this is a phishing example email because I shoved it into my folder called phishing examples. So, how did I know, what would your clue be, looking at this email, that we’ve got something bad? Well, it’s from Microsoft security, which, that’s strange that there’s someone called Microsoft security. Microsoft, we can see an email address or return address. Can we see the rest of the address? Yes, that’s it. There’s holy man. 
That’s actually the email address, their security and cloud service care.com. Cloud service care. Wait a minute. Who’s that? Right, right. That’s not a legit email address. Let’s take a look down here and click on the link. And this is what I mean when I say, you know, you hover over and click. Look where that’s taking us: customer portal dot info a toe. Where’s that? I don’t know, but it’s not microsoft.com. Nope. Nope, so I would have to say bogus email. And you see how, even though I opened the email, I haven’t clicked on any links, so haven’t blown my So I’ll pop up, because right? Here’s one of those DocuSign examples again. When you bring it, it looks totally legit. Now, I did not bother downloading the graphics here, which is why this is showing this way, but you know, and I don’t know who this person is. Maybe they really literally are sending me a document. I don’t know. But notice when I click on view your document. Wow, that’s a huge link. Dan doesn’t begin with something from DocuSign. Does its Dan? And métier. Yeah métier, right? That’s a really long URL, and the key is, if it was DocuSign, at least I still wouldn’t touch it because I don’t know who this person is, but it’s not even coming from DocuSign. So, it’s totally not legit at all, and yet the email looks like it’s completely legit. Here’s one that I think is always hysterical. You’ll get an email like this and say, is this your password? You don’t know me. This is, my father, who’s a pastor, received one of these, my attorney received one of these, and they’re all like, I don’t go to porn sites. Of course, I said, oh really, they don’t. But this is another thing that will happen. So, a password that you may have used 20 years ago was compromised and the bad guys will buy it, even a password doesn’t work anymore. That was a legitimate password that I used to use years and years and years ago, even though the password doesn’t work anymore. 
It was my password at one point that they’re on the Torso and after on the dark web, so can be purchased on the dark web. And so how this is used as an attack is, they tell you, hey, this is your password. I placed malware on a site and now I know that you’ve been watching porn, and so what should you do? You should send me money here. So that way I don’t tell your wife, your family or whatever else. And believe it or not, these people rake in millions of dollars because people are scared that they’ve been caught doing something they shouldn’t, and it’s all really just a fraud. It’s a fraud using old credentials that don’t even apply anymore. This password for me hasn’t been used in years and years and years, and yet people will react in fear. This is that example where you take a little bit of truth, mix it up with the con, but it makes the con palatable, makes the con believable. It makes the con real to the person, and that sparks their fears. Their imagination does the rest, and you’re just looking at an example of a con job. So, this is a little bit different, but it’s the same kind of fear that is being exploited. Whenever we have something like a pandemic, the news is fanning and fueling our fears. And so, there’s all kinds of what we call clickbait or stuff for you to go. On that no more and to go find out more, and are you infected, how would you know if you have COVID, what are the symptoms, and you go, I got know I have to know I to know. Oh my God, I sneezed, does that mean I’m going to die, and you click on stuff, and people are preying on people’s fears. So, the key with all of these is look before you click. Read it and go, huh? If it smells funny, it probably is. There’s always a legitimate place if you want to stop the shit great. 
There’s always a legitimate place if you would take the time, slow down, if I would take the time, there’s always a legitimate place to check if you’re actually involved in something. You know, again, there are come-ons for your PPP money, COVID-19 test, your free face mask, that they’re making it incredibly relevant, and there’s always the way if you would just realize there’s nothing easy. There’s nothing free. There’s nothing coming to you. Slow down. You can always pick up a phone. You can always go to the website yourself on your own links, your own terms, and see if these things are legitimate. See if there’s a message for you. Again, I keep getting the same one saying that you have a message from the governor of Florida. Rhonda says click here, like, what, I could turn on the TV if I wanted to hear a message from Ron’s, I could go to his website. There’s, right. Click here to verify. I got, I mean, it was so obvious. You know, I think there’s a lot of stuff that normally you would say it’s obvious, like the old Nigerian scams, but they make it really targeted and they really play on people’s fears, and the bottom line is, if you laugh and go, pshaw, who would fall for that? Lots of people do. Your parents may fall for it, your aunts and uncles may fall for it. Your employees may fall for it, right? Hey, let me tell you, I preach this, I preach this, and I fell for it. Let me tell you what happened. Okay, because all of us can and will make this mistake, so don’t feel ashamed. It’s not the Hall of Shame, but the issue is the more you learn and the more you are aware of, the less likely you will have a problem. Here’s a scenario that happened. I needed a part to fix the carburetor on a small engine that I have in my garage, and I’ve bought the part of eBay with in 2013. It was just fluke timing. I got an email from PayPal because of the order on eBay. I pay for it via PayPal. I got an order via PayPal. I got an email from PayPal saying that my transaction was reversed. 
I need to go ahead and click here. Now, it just happened to be coincidence, had nothing else to do with it. But because of the timing, I had just placed an eBay order, paid for it via PayPal, I was trying that ah, I did something wrong. It was like 11:30 at night, and on my iPad, I clicked on the link, and as soon as I did, I was like, I didn’t hold that. Hold on just a second here. When I went back, I hold it. I was like, ah crap. I closed out the links and everything else, but still I was primed because of the events that I did. Think about it: how many other people had just placed an order on eBay in the last couple of hours, would have been primed for that exact hack, that exact Hackett up, and that’s all it is. They’re playing the odds there. Spamming millions of emails, assuming, hey, if I hit all of America, 300 some odd million Americans, a few of them probably just don’t need an order, and I’m going to go ahead and they’re going to be my suckers today. And that is the game. It is like the stuff from banks. There is really three major banks, and if I sent out stuff from each of those three to everybody, yep, a bunch of people, they’re just playing the odds. And I got to tell you, it is because they’re making not millions, David, billions. Yes, aliens here on that. So, our time is up. I want to thank you so much for your time. Let me ask you something. You have probably been following what we’ve been posting on social media, LinkedIn, Facebook. We have got that thing called passed the hat. And yes, that is very cool, helping each other and Sherry, but we are all in this together. 
It’s about businesses finding ways to continue to do business despite the shutdown, and it’s about people like you and me finding ways to support those businesses and continue, and it could be as simple as sending pizzas to a family of doctor nurses, sending it to an ER, people selling mask at home, people doing curbside pickup and those kinds of things where we can continue to keep the economy going and support first-line responders. Are you able to offer anything to people now who have a suspicious email? They have got a question, they can send screenshot or you a anything you can help a business owner with? Sure. In fact, I would make this offer available not just to even business owners, but to anybody within the business who may even have a concern. I am happy to have a call with you and talk about your specific case and concerns. I know a lot of business owners are home, along with our employees at their respective homes. A lot of us are doing interactive meetings like this. We can do a Zoom meeting. We can just do a phone call. Let me give you my phone number really quick, and I’m just going to say reach out and give me a call. It’s 954-624-9511. That number again at my office is 954-624-9511. Just pick up the phone. Give me a call. I’ll be happy to chat with you about your particular question. It could be a question that you have regarding something that you received in an email. It could be a question that you’ve got about how to keep your own business more secure and what steps could you take. I’m happy to talk with you about it. Excellent, David. Thank you for that offer. I am asking everybody that I’m interviewing, thought leaders like yourself, to throw a little something in passed the hat and just offer to help people in the community. So that’s what I was looking for. I appreciate it. Thank you so much for your time. I think I need to schedule another interview with you. I think maybe everyone with the homeschooling, keeping your home network secure, something. 
We’ll talk about how about that. That would be fine, but I’m looking forward to it. Great. Thank you so much. David, always appreciate your leadership and thank you for your time. Thanks, and see you everyone.