To: All Policy Issuing Agents
Date: June 3, 2021
Re: Cyber Security

Dear Agent:

No doubt you are all aware that the Colonial Pipeline was hit with a devastating cyberattack earlier this month that forced the company to shut down approximately 5,500 miles of pipeline in the United States, crippling gas delivery systems in Southeastern states. Some of you may have been inconvenienced and/or have seen higher gas prices as a result of this hack, which was only one of many that happened during the same timeframe. These attacks point to the need for staying vigilant in protecting both yourself and our company from malicious attacks that typically start with an innocent looking e-mail.

Statistics tell us that over 91% of successful data breaches (hacks) start with a PHISHING ATTACK. If you’re not familiar with the term, PHISHING is the process of attempting to acquire sensitive information or access to a system by tricking the recipient to click on a link or open an attachment contained in an email. To that end, with the incidents on the rise, it is more important than ever that we stay vigilant and think before clicking on any link or accessing any website. Some simple steps to follow below for staying secure:

• THINK about whether the email, sender, content, or attachment type makes sense or is typical of an email that you normally receive.
• LOOK at the email address. Does it end in a “.com” or does it end in a “.edu; .au; .eu” or anything else that looks different or suspicious? Take a minute to examine the source or sender of every email.
• ASK the sender – via a telephone call to a number that you access interpedently – not a number shown in the suspicious email, text, or separate email – if they sent an attachment.
• CHECK the links out – both the email address of the sender and any link that is referenced in an attachment or to a website.
• NOTE: You can “hover” by moving your cursor over the link or the email address to display the true destination of the link or email address. Review it carefully – if it says anything other than what it should say, delete the email immediately. Sometimes the email or link can be only 1 letter or character off.
• FORWARD instead of “Reply”. If you’re going to respond to the sender, use “FORWARD” and type in the email address independently of the address shown in the email. This step will reveal the true address of the sender AND allow you to ask if the email is legitimate.
• NEVER ever click on a link, open an attachment, or respond to an email if you have any doubt as to the legitimacy of the content. DELETE the email or use the options in the control panel of Outlook to report the email as “JUNK” and as “PHISHING”.

Here’s a link ALTA recently provided to a Wire Transfer Fraud Advisory published by the Secret Service addressing wire fraud incidents targeting mortgage payoffs: https://www.alta.org/file.cfm?name=Wire-Fraud-Alert

(ironic, I know, that we provide a link, of all things, in this message…)

You all have done an excellent job staying safe and protecting your company against electronic intrusion. This is just a reminder that now more than ever before – double check before accessing any link or attachment on any email that you receive both at work and at home. The bad guys are getting smarter and trying harder, but vigilance will always prevent them from succeeding.