Security Awareness :eyes:

Parallel contractors and employees are constant targets for hackers and scammers. Everyone should be aware of common tactics and what constitutes suspicious behavior.

Table of contents

  1. General Guidelines :white_check_mark:
  2. Email :email:
  3. Text Messages :iphone:
  4. Phone Calls :phone:
  5. Customer Support :ambulance:

General Guidelines :white_check_mark:

Due to the nature of our business and the sensitive information we collect, Parallel employees and contractors are often targets for scammers and hackers. You should be familiar with the general approaches used in social engineering, and know that you could be targeted based on your access to highly sensitive personal information.

Here are some things you should keep in mind:

  1. All employees and contractors are likely targets for hackers
  2. Hackers and scammers routinely target new hires with custom, Parallel-related messages even before they start
  3. You should never engage / respond to any messages you think are suspicious
  4. You should always send suspicious messages to security@parallelmarkets.com immediately
  5. Our company’s survival depends on your vigilance. If you run malware or share credentials with a bad actor, you could kill Parallel (our company could be destroyed by a leak)
  6. If you accidentally do something you shouldn’t have (clicking a suspicious link, responding to a spear phishing text, etc.) - don’t panic! Email security@parallelmarkets.com for help ensuring your systems and Parallel data are safeguarded.

Email :email:

You may get an email that looks valid at first glance but contains an attachment with malware or a link to a site that will install malware. Emails can also attempt to trick you into providing credentials or other sensitive information (this is known as phishing :fishing_pole_and_fish:).

Here are some general guidelines for email:

  1. If you get an email that looks suspicious, forward the email to security@parallelmarkets.com immediately and do not click any links or download any attachments
  2. An email can be suspicious, even if it’s from someone you know, if there’s an unexpected link :link: or attachment :file_folder:.
  3. Don’t be afraid to reach out to anyone directly to ask if they sent something you weren’t expecting (for instance, reach out on Slack).
  4. Follow the guidelines for identifying phishing emails provided in this guide.
  5. When in doubt, reach out to security@parallelmarkets.com, including any suspicious emails you receive via personal accounts.

Note that the Security Team will, from time to time, simulate phishing attacks to our company email addresses to ensure everyone is aware of phishing threats. The purpose is to ensure employees know the signs of a phishing attempt and that they follow the correct procedure.

Text Messages :iphone:

You may get a text message from a bad actor asking you to do something or to share information. You should be aware of suspicious texts, and don’t click links that look suspicious or weren’t expected.

Here are some important things to know about text messages:

  1. Do not use text messages as a means of conducting company business. Your coworkers should never send you a text message for any company business. You should only communicate with your colleagues, managers, and direct reports via Slack or your parallelmarkets.com email address.
  2. If you get a text message from anyone claiming to be a coworker, you should send a screenshot immediately to security@parallelmarkets.com - and don’t respond.
  3. Send screenshots of any suspicious text messages (especially any from unexpected senders asking you to do something) to security@parallelmarkets.com.
  4. Text messages and phone calls are both vulnerable to an attack known as a SIM Swap, where a bad actor can steal a phone number. This means that you can never fully trust that the number shown as the sender/caller still belongs to the person you think it does.
  5. Never respond to a suspicious text message.

Phone Calls :phone:

You may get a phone call from a bad actor asking you to do something or to share information. You should never share sensitive data over the phone.

Here are some important things to know about phone calls:

  1. If you suspect that someone you’re speaking with isn’t who they claim to be and may be trying to get information about you, Parallel, one of our customers, or any other sensitive information - you should immediately hang up and email security@parallelmarkets.com with the details of the call.
  2. Even if someone calls from a number you recognize, know that they may be a victim of a SIM Swap attack and you may be speaking to a bad actor.
  3. Never share sensitive data about Parallel, our users, our customers, or yourself over the phone

Customer Support :ambulance:

For those Parallel employees providing support to our users and partners, there are some special things you should know.

  1. If you receive a security report of any kind (issue, customer ticket, etc.) never dismiss it as invalid. Please contact the Security Team.
  2. If you receive a suspicious customer support message in Zendesk (including any messages asking you to click links or download files), send a link to the Zendesk ticket (and any helpful background) to security@parallelmarkets.com. Do not click any links, the Security Team will respond with instructions.
  3. Never share user or customer data via our customer support channels; private data should only ever live on app.parallelmarkets.com.