Protecting yourself from Email and web scams
When you read email, use social networking sites or just browse the Internet, you should be aware of scams that try to steal your personal information (identity theft) or yours or you company's money. Many of these scams are known as "phishing scams" because they "fish" for your information.
How to recognise phishing email messages, links, or phone calls
Cybercriminals use social engineering to convince you to install malicious software on your computer or to hand over your personal information, under false pretences. They can do this in many ways, by emailing, calling you or convincing you to download something off a website. Their aim is to trick you to do something you wouldn't if you knew their real identity, such as installing malicious software on your computer. In our industry, there are lots of emails being sent that claim to be from a well-known company, like Microsoft or Google or an industry specific company like NBAA, IATA, FAA, Eurocontrol and Avinode.
What does a phishing email message look like?
It used to be that phishing attempts were simple to spot, such as the Nigerian prince wanting to transfer you $10m and all you needed to do was to provide him with your bank account. Cybercriminals now run complex scams to deceive you, why it is more difficult to tell what is legitimate correspondence and what is not.
Things to look for to indicate that it may be a phishing email:
• Use of a well-known company to get your attention in this case Microsoft.
• The sender or return email address is bogus e.g. "email@example.com" is not a Microsoft address. Sometimes the Cybercriminal will use a real email address for the return email as they don't care if the emails are returned to the well-known company, if they have already got you to take the action they wanted.
• Bogus links in the email, such as "Update Account Settings". If you hover you mouse cursor over the link you can see where it goes. "Godrinks.se" is not a Microsoft link.
• Email attachments, with instruction in the email to open the attachment to review your order, review details of a UPS parcel waiting for you, or similar action. If you open, you may risk malicious software being installed on your computer.
• Threats with time sensitive urgency. Cybercriminals often use threats to encourage you to act, such as "Provide us your details, so you don't get locked out of your account." or "Pay in 2 hours or your account will be closed."
What to do if you get a phishing email?
Report it to you IT Department who can take action to block you receiving these types of emails and help protect you.
What should I look for from an invoice email from Avinode?
For legitimate emails that are sent by Avinode Finance, we add the following information to help you identify it is from us.
• Your company name as we will never refer to you with a general term, such as “Dear customer, client or member#.
• A price break down for all charges on your invoice that match your current subscription with us.
Please be aware Cybercriminals are clever and will try and do their best to imitate a company like Avinode. Asking you to pay to a new bank account should be a red flag, and the easiest way to conform is to call Avinode directly to check. Never rely on phone numbers provided in the email, but instead reference the phone numbers on the company’s public website.
For Avinode the phone numbers to use are:
• Americas: +1-888-972 80 40
• EMEAA: +46-31-751 00 00
The most important thing is to be alert and if you have any suspicion contact your IT Department or Avinode to check that it is a legitimate email.
Should I report it to Avinode?
Your first step is to report it to your IT team. They are your defense. After you have done this please forward to Avinode so that we are aware of what the Cybercriminals are trying to do.
Is there anything Avinode can do to stop me getting these phishing-scam emails?
Unfortunately, no. These emails only appear coming from Avinode, but they are not being sent by us or through our servers so we cannot stop them.
We are, however, constantly reviewing the security of our products to protect our members. We are currently working to introduce a “My Invoices” section to Avinode and Schedaero where you will go to view and download your latest statement. Once we have “My Invoices” we will stop sending invoices by email altogether.
If I want to know more?
Many larger technology companies provide advice on phishing scams. As an example, you can read Microsoft’s version by searching online for "Microsoft privacy phishing scams".
You can also report it in many countries?
Search online "reporting phishing or scam emails" in your local country and you will see an up to date list of entities or government bodies to whom you can report phishing attempts.