GFT Security Bulletin – May 2, 2011

Phishing

Phishing is an identity theft tactic in which the attacker sends official-looking email forged to appear as if it had been sent by a trusted service provider (typically a financial institution). The emails typically attempt to coerce recipients into clicking on links or executing attachments by stating that they are required to updated their personal or account information. Executing the attachments will potentially install spyware on the recipient’s computer and attempt to collect personal information. Clicking on links will lead the recipient to an official-looking web site that is operated by the attacker, and will present a form asking for personal, account, or financial information.

To protect themselves, GFT customers should take the following measures at a minimum:

• Never provide sensitive personal information (passwords, account info, social security numbers, etc.) in response to an unsolicited request whether via email, web, phone, or otherwise. No legitimate financial services company or merchant would ever request that information openly through any of those channels. If you believe that the request may be legitimate, contact the company yourself via their main phone number to validate.
• Never click links or open attachments in a suspicious email.
• Log in to your accounts regularly and review your statements for suspicious activity.
• Keep your web browsers, operating systems, and anti-virus/anti-malware systems up to date.

GFT may contact you from time to time in an effort to update our records. However, we will not ask you to provide information such as your login name or password. If you are ever unsure if a representative of GFT is requesting information from you, contact us using the information provided on our website to verify the request rather than the contact information provided in the email you received.