How to Identify a Phishing Email

Q.  I’ve received emails from my bank that I suspect are fraudulent, but I’m nervous about ignoring them. What should I do?

A.  First, check the sender’s email address for misspellings. Fraudsters trying to lure you with a phishing scam might use an address that’s similar to a company’s official one, but not exactly the same. It’s not a foolproof tactic, though, because some crooks can completely “spoof” an email address. But you can be certain that a U.S.-based organization’s email address won’t include a domain extension from a different country (such as .ru for Russia or .br for Brazil). Many phishing attempts originate abroad, often from non-native English speakers, so poor spelling and awkward sentence structure in the body of the email could be another telltale clue.

Hovering your cursor over links in the email’s text will reveal a code showing where the link really leads. If it doesn’t include the company’s domain name before the first forward slash (/), don’t click on it. And last, if the email asks you to verify or provide personal information such as credit card and bank account numbers, your Social Security number, or passwords, it’s definitely a fraud, says the Federal Trade Commission. If you’re still in any doubt about whether the email is legit, reach your bank directly; check the contacts page on its website.

In the mood for a deeper dive?

Every day countless phishing emails are sent to unsuspecting victims all over the world. While some of these messages are so outlandish that they are obvious frauds, others can be a bit more convincing. So how do you tell the difference between a phishing message and a legitimate message? Unfortunately, there is no one single technique that works in every situation, but there are a number of things that you can look for. Here are the top 10 things to look for.

1 – The message contains poor spelling and grammar

As mentioned above, whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality, among other things. So if a message is filled with poor grammar or spelling mistakes, it probably didn’t come from a major corporation’s legal department.

2 – URLs contain a misleading domain name

Phishing scams often depend on their victims not knowing how the DNS naming structure for domains works. The last part of a domain name is the most telling. For example, the domain name info.ncgit.com would be a child domain of ncgit.com because ncgit.com appears at the end of the full domain name (on the right-hand side). Conversely, ncgit.com.maliciousdomain.com would clearly not have originated from nccgit.com because the reference to ncgit.com is on the left side of the domain name.

This trick is used countless times by phishing artists as a way of trying to convince victims that a message came from a company like Microsoft or Apple. The phishing artist simply creates a child domain bearing the name Microsoft, Apple, or whatever. The resulting domain name looks something like this: Apple.maliciousdomainname.com.

3 – The message contains a mismatched URL

A clue that an email is suspicious is the integrity of any embedded URLs. Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.

4 – The message asks for personal information

No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank doesn’t need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

5 – The offer seems too good to be true

There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

6: You didn’t initiate the action

Have you ever received an email letting you know you’ve won a raffle for a cruise?! The only problem is that you never bought a raffle ticket. If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.

7 – You’re asked to send money to cover expenses

One telltale sign of a phishing email is that you will eventually be asked for money. You might not get hit up for cash in the initial message. But sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it’s a scam.

8 – The message makes unrealistic threats

Although most of the phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it’s probably a scam.

9 – The message appears to be from a government agency

Phishing artists who want to use intimidation will often pose as a bank or send messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen. I can’t tell you how government agencies work outside the United States. But here, government agencies don’t normally use email as an initial point of contact. That isn’t to say that law enforcement and other government agencies don’t use email. However, law enforcement agencies follow certain protocols. They don’t typically engage in email-based extortion.

10 – Something just doesn’t look right

Trust your gut and use your JDLR senses —just doesn’t look right. If something looks off, there’s probably a good reason why. This same principle almost always applies to email messages. If you receive a message that seems suspicious, it’s usually in your best interest to avoid acting on the message.

Mitigate phishing scams with help from NCGIT

Phishing scams and spear-phishing threats are on the rise, causing disruption and damage to enterprises everywhere. Designed to fool your employees into reviewing credentials, passwords and other confidential information, phishing scams are involved in more than 90 percent of hacking attacks today1.

The impact of phishing scams on profitability and productivity is huge. Breaches can cost millions, destroying corporate reputations and significantly degrading customer loyalty. Protecting your organization from phishing threats is critical — and that’s where Mimecast can help.

NCGIT’s secure email solutions offer comprehensive defense against phishing scams and other advanced threats, as well as data leaks and routine threats like spam, malware and viruses. Offering always-on, always up-to-date protection that eliminates the cost and complexity of traditional offerings, NCGIT’s email security solutions provide enterprise-grade protection so you and your organization breathe easier.

Contact us today to learn our secure email solutions

Moneyball II: Using analytics to understand Red Sox fans

Sourced from straighttalk.hcltech.com

By Brian Shield, Chief Information Officer, Boston Red Sox
bobmwallace@comcast.net

By Brian Shield, Chief Information Officer, Boston Red Sox

Talk about perfect timing. I joined the Red Sox in August 2013, just as the team’s 10-year, 820-game sell-out streak had come to an end, following the team’s unceremonious fall from grace late in the 2012 season. For the Red Sox, who had been regular pennant contenders and had won two World Series in the previous decade, 2012 was their first losing season since 1997 and their worst season since 1965. The executive management of the team—which was founded in 1901 and has played at America’s oldest baseball park since 1912—had decided that it was time for a digital transformation.

I came to the Red Sox from The Weather Channel, where I was CIO for almost 15 years. To the average person, the only similarity between baseball and weather might be their unpredictability. To my surprise, however, I found many things in common between the Red Sox and my former company. Both organizations are iconic consumer brands with well-known stars. They have loyal and often zealous followers, have limited “traditional” competition in their respective markets, and have understandably invested heavily in the consumer-facing side of the business.

In both instances, however, success had led to some technical complacency, with under-investment in the engine that fuels all businesses today—data—becoming a handicap in the face of changing market dynamics.  At The Weather Channel, I ultimately was responsible for one of the world’s largest cross-platform digital properties, big “weather” data environments, and fully distributed cable networks.  But that only happened as rapid advances in the breadth and quality of weather data, imagery, and availability hastened the need for changes in digital weather products – a digital impetus that baseball had lacked.

As businesses in many industries around the world are learning, the promise of their digital transformation efforts lies in collecting and analyzing data on customers’ behavior in order to provide them with products and services tailored to their individual needs. Digital transformation also has a profound impact on internal operations, and it allows for quick experimentation and evaluation of new business processes.  The challenge, however, is not to get carried away with digitization of everything and to maintain traditions and “analog” ways of doing things that still provide value to 21st-century customers.  At the Red Sox, that means preserving what’s best in baseball and historic Fenway Park while leveraging what’s best in technology.

A 360-Degree View of the Customer

While the movie Moneyball, based on Michael Lewis’s 2003 book Moneyball: The Art of Winning an Unfair Game, brought the use of data analytics (or in baseball parlance, “sabermetrics”) to the informed baseball fan, the analysis primarily focused on evaluating talent.  The book recounts how the Oakland Athletics successfully substituted player assessments based on traditional baseball metrics (for example, batting average, runs batted in, or a pitcher’s wins and losses, not to mention subjective “gut feelings”),  with “newer” metrics that improve predictive analytics. This allowed the A’s to build a winning team on a relatively low budget, and the story has become a famous foundational tale of the “big data” movement. But as yet there has been no Moneyball-like customer-analysis story, to demonstrate the successful application of analytics to better serve baseball fans.

In the sports world, baseball is not unique in its limited knowledge of its customer base.  According to one recent estimate, U.S. sports teams, on average, know less than 5% of their fans. For the Red Sox, this would imply having limited knowledge of about 400k fans out of the 7 million-plus adults in New England who consider themselves citizens of “Red Sox Nation.”

While traditional market segmentation efforts – the young fan who attends games frequently, the small business owner who entertains clients at games, etc. – provide a helpful window onto the sporting-fan population, such basic scrutiny won’t get you to first base in today’s digital age.  Today, we must understand and serve fans’ individual needs.  For that, we must have a 360-degree knowledge of each customer.

Basically, sports franchises have had two key obstacles to more fully understanding the fan. One was that teams are historically one step removed from the buyer, who may have purchased a ticket or merchandise from any one of a variety of channels and middlemen. The other was that the data we collected was coming from disparate data sources and housed in disparate databases.  The result was that you know that X has been a season ticket holder for Y years, but you probably don’t know how old he (or she) is; his family status; how many games he, as holder of the season tickets, personally attends; his concession habits; etc.  In short, sports franchises knew how many people purchased tickets and where they sat, but little else about them.

The realization that past data practices are woefully inadequate in today’s digital world is certainly not limited to sports.  Even many of the companies that today are considered “big data” powerhouses were anything but that just a few short years ago.  For example, as the 21stcentury rolled around, only limited historical weather data was captured at The Weather Channel.  Why capture information on the storm that just passed? Or so the reasoning went. As digital platforms and learning systems evolved, however, so did the need for more granular and more diverse data.

For the Red Sox to match its player analytics with data-driven, fan-level analytics required a comprehensive approach. We needed to create new capabilities in the IT function; transform our data collection and integration practices to emphasize the importance of data analytics and reporting; and offer new digitally enabled fan-facing programs.

New Skills and a New Organization

The first step in transforming our knowledge of our customers was to create a data-services team.  The sole focus of this small group is data, more specifically, data on our customers. To staff it, we hired people with skills and expertise that we hadn’t had, including a data architect, a sports-oriented CRM analyst, and business analytics and reporting specialists.

In addition to creating the data-services group, we had to evolve our IT organization.  Like any championship-caliber team, we needed to adapt to changes in expectations, team chemistry, and our portfolio of skills.  To accomplish this, we took a page from how successful baseball teams are built.  We designed our team by emphasizing strong leadership and coaching, comprised of a few all-stars, free agents in the form of consultants, utility players with key differentiated skills, new experienced players from outside of our club, and a young and hungry farm system comprising part-time resources and select interns.

It’s worth noting that because in today’s digital age IT teams need to be lean, adaptable, and skilled in using leading-edge solutions, sports organizations increasingly look to outside industries for their technology professionals, rather than relying on the traditional internal farm system. The Oakland Athletics’ Billy Beane, the central character of Moneyball, was absolutely right when he told the Wall Street Journal a couple years ago: “Increased demand for technical skills required to interpret the ‘big data’ will dramatically change the composition and demographics of front offices… [S]port will no longer be the exclusive domain of ‘insiders,’ and the business will be better for it.” In other words, insularity is your worst enemy in a fast-changing digital world.

Accordingly, at the Red Sox we rounded out our “virtual” team by cultivating key relationships with local colleges and universities to provide critical external insight, and we engaged with a few key strategic partners to effectively balance the buy-versus-build equation.

A Focus on Data Collection and Analysis

In parallel with our people changes, we significantly upgraded the infrastructure supporting the collection and analysis of our data.  The nucleus of this infrastructure investment was a state-of the-art enterprise data warehouse, complemented by custom-designed CRM applications, leading-edge reporting tools, and the integration of the data warehouse with a sophisticated, third-party fan-engagement platform.

When you start focusing on the data, a very important aspect of digital transformation becomes clear to everybody in the organization: quality beats quantity every time. Until you can effectively harness the data, analytics is just a dream.  In our case, there are more than ten different ways for someone to buy a ticket to attend a Red Sox game.  This means we have ten ways by which an error can occur.  Add to that the duplication of customer data, and you have the makings of a serious data-quality problem.

We have made progress in our data governance and quality management efforts, but it’s a journey that is never complete.   What’s critical is that we have a commitment to data integrity and a process to identify and address data inaccuracies at both the beginning and end of each data ingest and integration process.

Enhancing the Fan Experience

Digital transformation also means adding a digital layer on top of the physical reality of your enterprise. For us – and most importantly, for our fans—the physical reality is America’s oldest and most loved ballpark, Fenway Park. We started there with the basics—collaborating with the Major League Baseball organization (MLB) to install a Wi-Fi network throughout the park. By the mid-season All-Star break of 2015, working through the snowiest winter in Boston’s history, we finally completed the installation.

Connectivity is like oxygen in today’s digital age.  Customers everywhere expect connectivity to be ubiquitous, in high concentrations, and readily available.  Connectivity, however, is but a means to an end. It’s what you do with it that determines user satisfaction. We are still early in our digital journey when it comes to creating compelling digital products and services that will both simplify and enhance the fan experience.

We are leveraging the capabilities of the MLB Ballpark mobile application, which supports digital ticketing, in-game seat upgrades, offers and promotions, and loyalty rewards programs.  We have created a virtual-reality site called Kid Concourse, where young fans can visit Fenway online – including the VR Dugout. We’re currently considering other fan enhancements that leverage such technologies as RFID (for example, team jerseys embedded with an RFID chip that would allow fans wearing them to receive discounts on concessions and merchandise), augmented reality (to provide historical information for landmarks around Fenway Park), and wayfinding kiosks (to help fans find their seats and learn about concession options), among others.

These are all examples of how digital technology operates on two levels – in the present and in the future. It provides more convenience and extra services to customers, increasing their satisfaction, their loyalty, and what they spend on your services. But it also facilitates a long-term perspective that provides you with more information on customers’ behavior so you can serve them better in the future.

Digital applications not only add a whole new dimension to fans’ experience in the specific physical environment of the baseball park; apps can also extend that experience to include fans (and potential fans) at home or on the move.  For example, we have a very successful tour program at Fenway Park. Should we start offering a virtual-reality tour for anyone with an Internet connection or appropriate headsets?

The opportunities that digital transformation brings are just about limitless and there are probably quite a few we haven’t thought about.  (If you have suggestions, let us know at DigitalIdeas@RedSox.com).

But so far, we have made a great deal of progress in our journey to build a 360-degree view of our fans. This is the exciting nature of digital transformation. It’s a never-ending quest, always providing new opportunities to take your game—together with employees, partners, and customers—to the next level.  As our digital strategy evolves, our understanding of Red Sox Nation – who we believe are the best fans in major league baseball – will continue to evolve.  We expect this understanding to help fuel a new generation of digital fan amenities that will complement the wonderful game of baseball and the charm of Fenway Park.

Client Spotlight: LCB Senior Living

Scalable, repeatable, highly available, and centrally managed – Those are the characteristics of the IT infrastructure LCB Senior Living asked NCGIT to provide for its planned roll-out of senior housing communities throughout the eastern US.  At the time, LCB had a small management office and only a handful of residences it was managing.  An old school approach of managing each location individually with in-house servers was sufficient and manageable.  However, with the plan to begin building and managing new residences all over New England and the eastern US, it was clear that this old approach was not going to be a viable approach for providing the scalability, repeat-ability and central management LCB desired.

LCB now has successfully expanded its footprint to 22 senior residences from VT to CT and in 2017 is planning to open 4 more new residences in MA and NH.  To facilitate this aggressive growth from an IT perspective NCGIT designed and implemented a fully cloud hosted infrastructure shared across all facilities.  The solution combines cloud hosted desktops, servers, file sharing, email, website security filtering, and cloud based Wifi and firewall management.  This allows all users across all of the locations to access their same desktops, files, and emails from any location, and to do it reliably and securely.  Equally importantly, this cloud hosted infrastructure allows LCB to scale its infrastructure quickly and in a highly repeatable fashion.  NCGIT and LCB internal IT resources are also able to quickly, easily and centrally manage all aspects of the IT infrastructure.

Contact us today to see how NCGIT can help your business implement a secure, robust, and highly reliable cloud based IT infrastructure!

About LCB Senior Living, LLC

LCB Senior Living, LLC is a developer/operator and third-party manager of quality senior housing communities.  Since 1994, the LCB team has been pioneers in modern senior living, providing Independent Living, Assisted living and Memory Care services throughout New England and the eastern United States.  During that time, they built and sold the 16th-largest such company in the nation, and are currently one of the fastest-growing senior housing companies in the region.

Whether it be developing and managing beautiful new residences, or managing yours, LCB prides itself in creating communities where residents can enjoy continued comfort, security and dignity as their individual physical and cognitive needs change.

www.lcbseniorliving.com