It’s in the Mail. Phishing at the Post Office.

It’s in the Mail. Phishing at the Post Office.

You’ve heard time and time again about phishing attacks. Nefarious characters send sophisticated-looking emails, hoping to entice recipients to click on a link or open an attachment. One small move allows the criminals to unleash havoc on an individual computer, a network, or even more.

Despite repeated warnings by employers, security experts and, no doubt, family members, we continue to fall victim to phishing. It’s apparently just too tempting to ignore a link or attachment, particularly one in an email that purports to come from a bank, credit card company or other business that we may actually do business with.

The US Postal Service provides a case in point. About a year ago, hackers used an email attack to breach USPS employee information. As the New York Times reported last November, the criminals gained access to names, birthdates, addresses and Social Security numbers for more than 800,000 current and past employees—from top executives to postal clerks.

Did Postal Service employees learn from the attack? Apparently, some did not.

Just a few months after the breach, the USPS Office of Inspector General performed a test to see what would happen. Nextgov reports this week that the office sent bogus emails to a sample population of more than 3,000 USPS employees. And guess what? 25 percent of them clicked on a phony link in the faux-phishing email.

And whether they clicked or not, hardly anyone—only seven percent—reported the incident, as they’re required to do.

Why? According to the Office of Inspector General, “of 3,125 employees in our sample, 2,986 (96 percent) did not complete the annual information security awareness training…In addition, 750 of 789 employees in our sample who clicked on the link in the phishing email (95 percent) did not complete the training.”

What this tells me is that the employee security training that so many corporate and government employees are required to complete may actually provide value.

It’s worth noting that a phishing email can be made to look like it came from a colleague. Hackers can simply go online to figure out a company’s email address protocols, such as With this info, the hacker can send a legitimately appearing email to a specific employee who, understandably, may think it originated from within the company. Such personalized attacks are called spear phishing. One innocent click later, trouble ensues.

None of us is immune to phishing schemes. Stay on guard. Even if you receive an email that appears to originate from a business with which you have an account or relationship, don’t assume it’s legitimate. Rather than clicking the link in an email, type the URL into your Internet browser yourself. It takes only one false step—or click—to expose yourself, your family or your company to a breach or other type of cyberattack. You don’t want to be the one to do it.


Small Businesses and Cybersecurity

Small Businesses and Cybersecurity

It’s quite a coincidence that we saw multiple data breaches as we kicked off National Cybersecurity Awareness Month.

  • T-Mobile said a data breach at credit reporting agency Experian exposed sensitive information belonging to 15 million T-Mobile customers.
  • Online broker Scottrade announced a data breach that may affect up to 4.6 million of its customers.
  • The American Bankers Association reported a comparatively small breach of its shopping cart, exposing user names and passwords of 6,400 records.

If you’re a small business owner, you may wonder about your own risks, given the challenges faced by these larger organizations. And there’s good reason to wonder.

Is She Doing Homework—or Watching Music Videos?

Is She Doing Homework—or Watching Music Videos?

Your kid says she’s doing homework online, but what’s really going on? Good question, huh?

As one mom told us, “My daughter’s school has a one-on-one iPad program, and every kid in the school (about 1,000) has a school-supplied iPad. I have to say it has been a struggle to try to teach her how to use the iPad responsibly, because they can always claim they are doing homework, while we know they are probably watching music videos.”

Given what I’ve experienced with my 14-year-old son, I know this parent isn’t alone.

Quick! What Does NCSAM Mean?

Quick! What Does NCSAM Mean?

In case you missed it, Tuesday was National Coffee Day in the U.S. When a colleague returned to her desk that afternoon with a cup of java—not her usual practice—I asked if she was celebrating. As it turned out, she wasn’t aware of the “big day.”

Marketers and public relations folks have put forth so many “big days” that it’s not surprising she missed National Coffee Day. Yesterday, for instance, was National Women’s Health & Fitness Day. But I also found references to yesterday as National Chewing Gum Day, National Mud Pack Day, and National Hot Mulled Cider Day.

Let’s set those aside, though, and focus on NCSAM. It’s actually a notable observance that demands both attention and action. In fact, it’s not just a day—but an entire month, and it begins today, Oct. 1.

LifeLock Partner NOVA on Suicide Prevention

LifeLock Partner NOVA on Suicide Prevention

Editor’s note: September is National Suicide Prevention Awareness Month. LifeLock partners with the National Organization for Victim Assistance (NOVA), whose mission is to “champion dignity and compassion for those harmed by crime and crisis.” We spoke with NOVA Director of Victim Assistance James Gierke about how his organization helps the victims of suicide, while also working to prevent it.

Not long ago, my 14-year-old daughter faced a harsh reality. She lost a friend to suicide. Her school called to let me know what had happened, one of those conversations that started with “we’re dealing with a serious situation.”

Any parent can relate. Those calls are the worst.

I was shocked and horrified by what I was hearing. Suicide? But he was just 14! Then all the questions began to hit. The biggest one of all: How do I talk to my daughter about suicide?