The Heartbleed security-bug debacle, which has ensnared thousands of companies that use the Web, has affected online businesses privately sending data to and from Internet servers.
Because of the security threat, online users may get bombarded with emails requesting changes to passwords and other security measures to ensure that accounts are protected.
Just a few days ago I received an email that appeared to be from the online presentation software company Prezi. The email stated that the firm wanted to “assure you that Prezi took immediate and proactive steps to patch this security hole.” In addition, it strongly suggested I change my password, using the instructions that were hyperlinked in the email.
I didn’t bite, and deleted the email.
Given the relative hysteria, many unsuspecting Internet users may inadvertently succumb to email phishing attacks that use the Heartbleed bug as bait.
Read More What you don’t know about insurance
Phishing is the act of attempting to acquire information — such as user names, passwords, credit card numbers, Social Security numbers and other sensitive information — by imitating a trustworthy entity in an email.
The “hooked” Internet user may be linked to a page that looks and acts like a legitimate corporate Internet home page when, in fact, it’s just a façade to capture sensitive information that could be used to facilitate identify theft.
It may be only a matter of time before reports of Heartbleed phishing attacks related to bank accounts, brokerage companies, credit card companies and other financial institutions become more prevalent.
5 tips to avoid getting hooked
As a financial professional, I have come up with 5 tips to pass along to my clients to confound online “phisherman”:
1. Never rely on a hyperlink in an email to send you directly to an Internet page. When in doubt, open up a new browser window and either type in the URL you are looking for or perform an Internet search.
2. Never reply to an email that is requesting sensitive information.Sensitive information, such as passwords and user names, should always be handled directly on a vetted website or over a personally initiated phone call.
3. When in doubt, check it out. Even though the sender’s name or company name in an email may appear legitimate, close scrutiny is highly recommended before responding in any manner.
4. Guard against spam. Phisherman have an uncanny ability to get people to act through fear-based messaging. A good spam filter should be able to catch unwelcome emails. However, as a golden rule, trust but verify.
5. Continuously check your online accounts and bank statements.Also, obtain one free credit report at Annualcreditreport.com every four months to give you a year’s worth of credit monitoring at no cost.
Read More Keep future Medicare costs in mind
The heightened fear surrounding Heartbleed may have created the panic that phishermen are using to prey upon and exploit unsuspecting Internet users. But don’t allow that fear to cloud your common sense when it comes to your own financial safety and security.
The Heartbleed bug has created enough vulnerability on the Internet; don’t let a lapse in judgment add to it.
Ed Gjertsen is a certified financial planner and vice president of Mack Investment Securities.