|
If you are seeing this page. You have been exploited by a phishing scam example conducted by:
Meras Water Solutions - Information Technology Department.
Your system has not been compromised. But had this been a real scam, chances are your credentials could be compromised. And in the hands of bad bad people.
This purpose of this exercise is to bring awareness of the scams bad actors employ, how to stay safe online, and protect your information.
   Phishing attacks aim to steal or damage sensitive data by deceiving people into revealing personal information like passwords and credit card numbers.
   A successful phishing attack can have serious consequences. This might look like stolen money, fraudulent charges on credit cards, lost access to photos, videos, and files. Even cybercriminals impersonating you and putting others at risk.
   At work, risks to your employer could include loss of corporate funds, exposure of customers and coworkers personal information, sensitive files being stolen or being made inaccessible, not to mention damage to your company's reputation. In many cases, the damage can be irreparable.
   Check the sender's email address before opening a message-the display name might be a fake.
   Spelling mistakes and poor grammar are typical in phishing emails. If something looks off, flag it.
   Hover over hyperlinks in genuine-sounding content to inspect the link address.
   If the email is addressed to "Valued Customer" instead of to you, be wary. It's likely fraudulent.
   Check for contact information in the email footer. Legitimate senders always include them.
   Fear-based phrases like "Your account has been suspended" are prevalent in phishing emails.
   Attackers are skilled at manipulating their victims into giving up sensitive data by concealing malicious messages and attachments in places where people are not very discerning (for example, in their email inboxes). It's easy to assume the messages arriving in your inbox are legitimate, but be wary-phishing emails often look safe and unassuming. To avoid being fooled, slow down and examine hyperlinks and senders' email addresses before clicking.
   People fall for phishing because they think they need to act. For example, victims may download malware disguised as a resume because they're urgently hiring or enter their bank credentials on a suspicious website to salvage an account they were told would soon expire. Creating a false perception of need is a common trick because it works. To keep your data safe, operate with intense scrutiny or install email protection technology that will do the hard work for you.
   Bad actors fool people by creating a false sense of trust-and even the most perceptive fall for their scams. By impersonating trustworthy sources like Google, Wells Fargo, or UPS, phishers can trick you into taking action before you realize you've been duped. Many phishing messages go undetected without advanced cybersecurity measures in place. Protect your private information with email security technology designed to identify suspicious content and dispose of it before it ever reaches your inbox.
   Bad actors use psychological tactics to convince their targets to act before they think. After building trust by impersonating a familiar source, then creating a false sense of urgency, attackers exploit emotions like fear and anxiety to get what they want. People tend to make snap decisions when they're being told they will lose money, end up in legal trouble, or no longer have access to a much-needed resource. Be cautious of any message that requires you to "act now"-it may be fraudulent.
   While we in IT put alot of effort in systems to protect the confidentiality, integrity, and accessibility of our systems. The best protection against social scams is awareness. Meras IT has technology in place that block malicious software. But against deceptive words and attempts at misdirection, these can only be stopped by you.
   Meras IT does have all the tools to appear as a genuine Meras email. But we didn't cheat! We used all the same tools, systems, domain names that anyone outside of Meras has access to. No genuine Meras system was used in this exercise. That email was not from meras.com. Look closer.