January 2024 Online Security Bulletin

About this Bulletin
This online security bulletin is sent to inform the enitre workforce of the company of current ICT threat domains and emerging security issues.Then best practices applicable to mitigating and managing such venulrability and exploits. If you have any questions about this bulletin, Send a reply with your concerns as heading to: ict-support@calyxsec.com
Security is Everyone’s Responsibility
While The Company (Calyx Securities Ltd.) strives to provide secure and safe ICT computing resources and services to all staffs, it is the responsibility of everyone who access and use Internet and network resources to keep current with safe computing best practices and to conduct business in a secure and vigilant manner. Visit the Calyx Securities ICT Safeguards and best Practicies portal at security.calyxsec.com for more information and read these IT Security Bulletins when issued.
Sensitive Information Handling
All staffs are required to understand their responsibilities for handling and protecting sensitive information. Please refer to the ICT Sensitive Data Protection Policy for further information: http://security.calyxsec.com/policies/documents/sensitive‐data.pdf
Safe Computing Tips – Downloading files
Download files only from trusted sources. Files from untrusted sources may contain viruses or other malicious programs. “Free” software hosted on file‐sharing programs and untrusted websites often contain spyware and may have adverse effects on your computer.
Phishing Attacks Because so many people use and depend on email, phishing has become one of the primary attack methods used by cyber criminals. Phishing messages try to lure you into giving up your username, password, credit card details, or other information by masquerading as someone you know or trust. They often request that you click on a link, open an attachment, or reply to the email with your personal information. Phishing email can look very convincing and appear as if it were sent from a friend, your bank, or an online store. It may even impersonate official calyxsec email and link to a calyxsec.com fake login page. In fact, Our Passwords and userids have been the target of recent multiple phishing attacks.
Is it Phishing?

• Be suspicious of email that is “Urgent” or requires “Immediate Action”.
• Be suspicious of attachments and only open those that you were expecting.
• Be suspicious of email with significant grammar and spelling mistakes.
• Be suspicious of email from a friend or colleague that looks odd or out of place. If their email account has been compromised by an attacker, it could be used to send phishing email. Examine from “From:” email address. Often the “Display Name” will say something that looks familiar, but the underlying email address (with the “@” sign) is obviously foreign or nothing you recognize.
• Examine the underlying URL on any links. Regardless of how the link is labeled in the email, tunderlying link on a Phish email will usually not be a “calyxsec.com” address.

If you receive a phishing email, DON'T OPEN IT, you should DELETE IT. You can also forward the email to ict-support@calyxsec.com. Please Note: If you ever receive any email from Calyx Securities Tech Support about ICT related issues, we will always use the email address:ict-support@calyxsec.com If you have any doubts about the authenticity of the email and we will never directly ask any staff for thier user credentials: IDs or passwords.

Example of a Recent Phishing Scam
============================================
Subject: Email Security Update
From: ICT Help Desk
Attention: There has been an automatic security update on your email address. CLICK HERE to complete the update. Please note that you have 24 hours to complete this update or you may lose access to your Email Box. ==========================================