Question: Why is a general practice attorney writing an article about cyber security?
 
Answer: Because we all face these threats every day.
 
Here at Rountree Losee, we counsel our clients that proper prior preparation prevents poor performance. This is particularly true in today’s cyber threat environment.
 
So here are some basics.
 
Fraudulent emails are an increasingly popular method for hackers to try and obtain your confidential information.  Phishing and pharming are two malicious tactics that you may encounter in these fraudulent emails.
 
Phishing occurs when hackers send fake emails to fool users into taking an action, such as clicking on a link or opening an attachment, which allows hackers to complete a malicious goal. 
 
The information targeted from phishing attacks can include:

• Stealing usernames and passwords
• Receiving payment under false pretenses
• Accessing other business/personal information without permission
• Infecting an organization’s technology assets or an individual user’s computer with malware

Pharming occurs when hackers use fake email addresses or websites disguised as known, legitimate sites to get users to attempt to log in. Once users do this, their username and password are stored by hacker(s).
 
The information targeted from pharming attacks can include:

• Selling usernames and passwords for identity theft of others
• Making fraudulent purchases
• Gaining unauthorized access to email, banking and other services

To identify and avoid phishing/pharming emails, make sure you and your employees verify the email address of the sender, pay attention to the web addresses of any hyperlinks, and be alert for poor grammar, misspellings or an unprofessional tone. 
 
Red flags can include:

• Emails sent from someone you do not know or do not have an existing business relationship with
• Emails sent at an unusual time of day
• Foreign phone numbers or addresses
• Non-official email addresses
• Domain names that do not end in .com or .org.

Often, these email messages will ask you to log into an account, confirm purchases or renewals of accounts, verify credit card information, or provide bank account information. 
 
It is critical to hover your mouse over any hyperlinks contained in an email to make sure that the link-to address is for the same website that the text displays. Sometimes, hackers will create a hyperlink that is a close misspelling of a known website. 
 
If you receive a suspicious-looking email, try calling the person who purportedly sent the email to verify that the message is legitimate before opening any attachments or clicking on any links. Be sure to report and delete any suspicious emails and alert others in your office or organization.
 
If you become a victim of a phishing or pharming attack, immediately change all affected account passwords and be on the lookout for unauthorized charges to your financial accounts.  It is better to be safe than sorry!
 
If you need assistance in creating standard operating procedures to be incorporated into an employee manual or any other business risk issue spotting, the attorneys at Rountree Losee are available to help.
 
Rountree Losee LLP has provided well-respected, high-quality legal services in Southeastern North Carolina for generations. Grounded in this history and tradition, and guided by our firm values, Rountree Losee’s diverse and growing team of lawyer-leaders continues to provide exceptional legal services as well as exemplary service to the community in which we live and work. If you have any questions or comments about this article or other legal services, please contact us at (910) 763-3404 or www.rountreelosee.com/contact-us.