“Phishing” is exactly what sounds like — a “fishing” expedition by the bad guys, usually via “legitimate” seeming emails, or other means, to try and “snag” or “catch” as much sensitive information about you, and your customers, as they can.
You should only be doing one kind of “fishing” in the summer, and it’s not the “ph” kind. Here are some AVPS tips on how to stay safe, and avoid getting “phished:”
*DON’T DOWNLOAD SUSPICIOUS ATTACHMENTS, OR CLICK ON “FISHY” LINKS
Suspect emails will often try to appear as if they’re coming from a trusted source like a bank, credit card company, ISP, etc. If the email is asking you to download an “account statement,” or click through a link to “verify account information,” do not. If necessary, you can copy the URL and paste it in another tab, to see if it’s actually real, and not a trojan horse. The “attached files” will often contain software “worms” to burrow through your system.
*PROTECT YOUR TERMINAL
Do not give out MID numbers, or any other sensitive information, like terminal IDs, etc. Card providers like Visa, et al, already have this info, but “phishers” posing as banks might want it. Beware any sudden, unscheduled “terminal maintenance” with POS devices. Always call AVPS when questions arise about service or info requests on processing devices.
*REVIEW WITH EMPLOYEES
Make sure you have regular reviews with employees about some of the procedures listed here. Also try to limit the “need to know” basis for MID numbers, acquirer’s BIN, etc., to reduce the possibility of inadvertent leaks
*MAKE SURE ANTI-FRAUD SOFTWARE IS UP-TO-DATE
It’s shocking how often this easy step is ignored. The infamous “Target Breach” may have its roots in a vendor not updating their anti-malware software. Make sure all protections for malware, viruses, etc, are regularly kept up-to-date, and that all employee terminals connected to the system have them.
Questions? Ask AVP Solutions! That’s what we’re here for!
And remember: This summer, it’s fishin’ — not “phishin’!”