Have you received such a fraudulent email or landed at one of these prank sites?
- Never respond to suspicious email from senders you don’t know.
- Never open attachments or follow up links to dubious emails.
- Ignore malicious payment requests that appear in emails or on websites.
- Never install software updates or programs from unknown websites.
- Send us details of such events.
1. Common Sources of Risk
Emails with Forged Shipment Notices
Be sceptical when you receive shipment confirmations or other emails from companies you have not ordered anything from. When these emails contain attachments, delete the email straight away. Under no circumstances should you open the attachment. These can contain malware that self-installs on your computer. Hermes does not send such emails, nor are such sent on Hermes’ behalf.
Scareware and Other Harmful Programs
There are some websites that appear as if they are operated by one of the Hermes companies. These rogue sites try to trick unsuspecting users into installing harmful programs such as spyware, trojans or viruses.
Hermes is not at all responsible for these sites. Hermes would never ask you (either by email, or on its website) to update your browser or operating system for security reasons, nor would Hermes ask you to install additional software. To be able to get the most of the functions available on Hermes sites you simply require a recent version of your browser and a program that enables PDF documents and Flash animations to be displayed.
Scareware is a software product that aims at generating a feeling of insecurity in visitors to the site by issuing warnings and alleged error messages. The concept “scareware” is a composite of “scare” and “software”. Existing websites are copied 1:1 and provided under similar URLs. Some of these prank websites display a popup window that refers the user to security updates, a virus infection or the like and uses such anxiety-based strategies to “scare” the user into taking action. To remedy the problems, the user is requested to download software and to install it immediately. This software is neither a security update nor a new release of the browser. In fact, there is a significant risk that the rogue software product might be harmful. If this happens to you, we would strongly advise you to leave such misleading sites and close the browser.
The so called “phishing” – derived from “password fishing” – is used to get a hold of confidential user data and passwords by sending out fake e-mails. Unfortunately there has recently been an increase in this sort of criminal activity. These e-mails not just ask the user to send confidential personal data, but sometimes also offer links to fake websites of companies and credit institutions to acquire the personal data when the user tries to login. No reputable company will ever ask for your password, credit card number, or personal data nor will it ask you to update that information via e-mail. In your account you have the possibility – if necessary – to update your personal information like address etc. yourself.
Hermes will never ask you (eg by e-mail or by telephone or by SMS), to enter or transmit sensitive customer information via the Internet. The payment of our services will be on the spot and in cash. If you receive a payment request via e-mail, please ignore this. In this case it is a phishing attempt. Other phishing emails ask the user to change password or threaten to block accounts. In these cases, do not enter any data whatsoever.
2. Encrypted Transmission
Data transmitted between your browser and the www.h-oi.com website is safeguarded through the use of SSL (secure sockets layer). All the data you enter is encrypted. Please check whether the certificate is the address line is ‘green’. Depending on your browser, the address line or part of it may be shown in green. Please also check whether the certificate has been issued for Hermes-OTTO International. This can easily be done by clicking the green bar in the address line or on the lock in the status line or next to the address line.
3. General Security Rules for You
- Do not save any passwords unencrypted on your computer. This could make it easy for hackers to access your data. If you can’t make a mental note of your passwords, use software that will store the information in encrypted form.
- Use passwords with a least eight characters. Ideally you should be using upper and lower case letters, numbers and special characters. A simple way to generate a secure password which is often easy to remember is to use the initial letters of the words in a sentence. Replace numerical words with the numbers themselves and play around with special characters. For example “On Sunday, my two children played on a climbing frame!” can be changed to ‘OSm2cpoa#!’ The hash mark might remind you of a climbing frame.
- Install a virus scanner on your computer and make sure it is always up to date.
- Ensure that your operating system and your programs are always the latest and the most secure versions. Install the security updates recommended by the manufacturer.
- Only install software from trustworthy sources.
- Wherever possible, only use your own computer to enter access data to websites. When it comes to public systems (such as Internet cafés and libraries) you never know what malware is installed that can read confidential information.
- If you suspect that access details have been compromised by third parties, change your password immediately. Wherever possible, you should use different passwords for different websites.
For more information, check your local information security office.