Users of online services are potential targets for attempts to steal login
credentials and other sensitive information. These threats include scam emails
(phishing and malware) and phone calls attempting to gather information that
can be used to gain unauthorized access or privileged knowledge.
Phishing and malware
Don't become a victim of 'phishing', in which Internet criminals set up a Web
site that mimics a legitimate site, such as the breato.com login page. By
following the tips below, you can avoid becoming a victim of such a scam:
- Always look for the 'lock' icon in the bottom-right corner of your
browser (see images below).
- Be suspicious of emails that include links to the Breato login page.
Don't click on such links. Instead, always log in to Breato in one of two
ways:
  - Enter 'https://sub-domain.breato.biz/' in the address field
  - Click the Customer Login tab from the Breato home page (www.breato.com)
- Log in to your Breato Designer environment only at the following secure
site: https://sub-domain.breato.com/designer
- Log in to your Breato Administration environment only at the following
secure site: https://sub-domain.breato.com/admin
Spot suspicious emails
Phishing emails try to trick you into revealing information, often by asking
you to 'verify' or 'update' information. Such emails may use the logos of the
companies or government agencies they are impersonating to look legitimate.
One clue is that such messages often contain poor spelling and grammar.
However, as scam artists become more sophisticated, their approaches are
becoming more varied and their messages are getting better. Another clue to
look out for is links that don't match the URLs of the companies they claim to
come from.
The example below shows some common phishing tactics, but expect anything.
As users catch on to one approach, Internet criminals come up with new ones.
- 'Dear Breato user...'. Be suspicious of any emails that don't address you
by name and contain no other specific information. Such messages are often
sent out in bulk, without any unique identifying information.
- 'We suspect an unauthorized transaction on your account. To ensure that
your account is not compromised, please confirm your identity ...'. Some
emails claim you need to respond because your account's security has been
compromised.
- 'Verify your account ...'. Businesses should not ask you to send
passwords, login names, Social Security numbers, or other personal
information through e-mail.
- 'If you don't respond within 48 hours, your account will be closed ...'
or 'Get your refund now ...'. One tactic is to convey a sense of urgency,
to make people respond quickly without thinking.
Remember, legitimate businesses will not ask you for sensitive information
via email. If you receive such emails, do not respond or click any links the
email contains. Forward the mail to security@breato.com and then delete it.
Look out for suspicious links and attachments
Malicious software attacks also come via email, using many of the same tactics
as phishing. These emails include links or attachments that install malicious
code - such as programs that capture keystrokes - on your computer. As users
have become wary of attachments with .exe or unknown extensions, Internet
criminals are now using attachments with seemingly innocuous .doc or .pdf
extensions. And most users still readily click on links.
- Beware of unusual links.
- Watch out for links that contain URLs that look similar to real ones; for
example www.breto.com or verify-breato.com.
- Even if a link looks OK, make sure by entering the company's URL in the
address bar yourself. Phishers can make links look like they go to one place
while taking you to another site.
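The two link checks above can also be run mechanically over a reported message. The Python sketch below is an added example, not Breato's own tooling: it flags links whose visible text shows a Breato address while the target is elsewhere, and links to lookalike domains. The trusted domain, the 0.8 similarity threshold, all function names and the sample message are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "breato"
TRUSTED = "breato.com"  # assumption: the only domain treated as genuine

class Anchors(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data  # reset at every <a>, read at the matching </a>
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip()))
            self.href = None

def host_of(url):
    # Accept bare "www.example.com/..." text as well as full URLs.
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def trusted(host):
    return host == TRUSTED or host.endswith("." + TRUSTED)

def check_links(html):
    """Return (href, reason) for each link that deserves a second look."""
    parser = Anchors()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""
        if trusted(host):
            continue
        if trusted(shown):
            findings.append((href, "text shows a Breato address, link goes elsewhere"))
        elif any(BRAND in part or SequenceMatcher(None, part, BRAND).ratio() >= 0.8
                 for part in host.split(".")):
            findings.append((href, "lookalike domain"))
    return findings

# Constructed sample message, not a real email.
SAMPLE = """<a href="https://www.breto.com/login">Customer Login</a>
<a href="https://verify-breato.com/">Verify your account</a>
<a href="http://203.0.113.7/session">https://sub-domain.breato.com/admin</a>
<a href="https://sub-domain.breato.com/designer">Designer</a>"""
```

Calling check_links(SAMPLE) reports the first three links and leaves the genuine Designer link alone.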
Report suspicious emails
If you receive a suspicious email that involves the Breato brand, submit a
report at: https://security.breato.com/reportsecurityissue/
Suspicious phone calls
Several customers have reported receiving phone calls from persons who
misrepresent themselves as employees or agents of Breato. Some of these callers
are attempting to steal your Breato credentials - an illegal practice known as
'social engineering'.
Here's how it typically works:
- A caller identifies companies that use Breato by searching public job
postings, etc.
- The caller contacts the customer's main switchboard and asks for the
person responsible for Breato or the Breato administrator. The caller may
claim to offer a 'new version of Breato'.
- The caller asks for login credentials to 'install improvements' or
perform other activities in the customer's organisation.
What you need to do:
- Remind your users that Breato employees will not ask for usernames or
passwords.
- If one of your users discloses his or her login credentials, you should
reset that person's password immediately and alert us:
https://security.breato.com/reportsecurityissue/
- If a caller identifies himself or herself as a Breato employee and you do
not recognize his or her name, ask for a call-back number and email address.
Then call our 0845-VERY-EXPENSIVE number to verify whether the
caller is a Breato employee.