BEST PRACTICES FOR HANDLING PHISHING & RANSOMWARE
(CAPTA - Nov 2018) Both email-phishing scams and crypto ransomware/malware are increasingly common and can have devastating impacts on businesses and non-profit associations of all sizes. As a non-profit association, PTA can be vulnerable to these types of cyber crimes at all levels and, in fact, we have heard reports of email-phishing scams happening to local leaders.
Email-phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your PTA treasurer or president, your Internet service provider, your bank). These messages usually direct you to a spoofed website or otherwise get you to divulge private information such as bank account information or account passwords. The perpetrators then use this private information to commit identity theft or trick you into wiring money.
Ransomware is malware that installs covertly on the victim’s computer system, encrypts the victim’s files so that they are inaccessible, and demands a ransom payment to decrypt them. Malware is often triggered by downloading files or clicking links from untrustworthy sources that appear to be legitimate.
If you get an email from a fellow PTA officer asking you to wire funds, do not send money.
Establish communication “backchannels” such as text messages or phone calls to verify the authenticity of the request. Additionally, remember to keep your personal and PTA computer systems and firewalls up-to-date to minimize the potential for viruses to infect your system with malware.
California State PTA Online Toolkit – Finance Policies and Procedures
Osterman Research White Paper – Best Practices for Dealing with Phishing and Ransomware
Tipwire Video – Tips to Protect Yourself from Phishing