ThinkstockPhotos-491838182

Neoscope works with Constant Contact to market our business and inform our clients about opportunities to participate in Lunch and Learn sessions and other educational opportunities. Neoscope recently held a Breakfast and Learn session with 40 local business leaders in which we discussed various ways to protect businesses from compromise.  One important way was to be highly suspicious of strange or mysterious URL links within unsolicited emails.

It’s therefore, quite unfortunate and somewhat ironic then, that the way in which Constant Contact presents email invitations to our clients was through the very mechanism we’re warning our clients to never click on – the mysterious and strangely obfuscated URL link.  Here are two example URL’s that Constant Contact sent out followed by Neoscope’s Website invitation.

http://r20.rs6.net/tn.jsp?e=001nMHUAMpU0wo2FNh2nQt_qgHgn90TGyrklaAHb0yogW4vrA5Fx1L7dU-6dJE6UpE36z_8dJmrxJVpsjlEPikwV4_Ci488icKx4cZthxBuC-EnQUAsfef4aLELUPgJdbK0
https://www.neoscopeit.com/security-lunch-learn
Which of these links would you trust?
To many potential respondents to our Security Training seminar, this invitation link appeared to be a hacking method known as “phishing” by which hackers send emails purporting to be from a reputable source in order to get personal information, such as passwords, identification credentials and more from unsuspecting victims. Neoscope wants to ensure that you’re not next. I wonder how many potential attendees looked at that URL and declined the invitation despite wanting to learn more about Cyber Security protections for their businesses?

Call to Action for Constant Contact:  you need to fix your poorly crafted email invitation links to avoid being seen and treated as SPAM and Phishing attacks.
How Can You Avoid Email Phishing Scams?
In order to maintain a secure IT environment amongst your staff, it’s important to ensure safe practices. Keep these vital cybersecurity tips in mind the next time you’re clearing your inbox, and make sure your employees do the same.

  • Examine The URL: It’s generally a wise policy to avoid clicking links that you’re unsure of. If you’re getting an email from Neoscope or Constant Contact, it’s a fair assumption that one of those names should show up in the URL. An easy way to check if a link’s destination lines up with its name is to hover over the hyperlink without clicking; the destination will appear, and allow you to check it against the hyperlink text.
  • Learn To Recognize Safe Sites: Legitimate websites will always have a few visible security features:
    • While nearly all websites begin the familiar “http”, truly secure sites will have an additional “s”, reading as “https”.
    • Secure sites will have a closed lock icon near the address bar.
    • Banking websites will often have an extended validation SSL certificate next to the URL, which will highlight their company name in green.
  • Never Give Out Private Information: There’s simply no legitimate reason why anyone — even Neoscope — would require your personal password. Systems and processes are in place to ensure that your password is only necessary to you, so don’t give it out under any circumstances.
  • Stay Up To Date: It’s important to keep your browser and other programs up to date with any security patches that they offer. While it can be frustrating to sit through an update process once a week, it will go a long way to protect you from known vulnerabilities that hackers will otherwise try to exploit.

The bottom line is that you should be skeptical of any and all unexpected emails that ask you to provide information, click a URL, or that come from an unexpected source.  There’s no situation in which ignoring a suspicious email would ever be as dangerous as taking it at face value, so it’s always in your business’ interest to skeptical.

Contact Neoscope to hear about the most effective email security practices to keep your data safe. Contact Neoscope and our IT security professionals at {email} or (603) 505-4902 today.