Posts

How to Spot a Phishing Attack Through Email

It’s hard to imagine doing business in the 21st Century without email. It’s provided us with an instant tool for communication and an easy system for archiving information. Email also has given hackers a portal through which they can employ a phishing attack and infect an organization’s servers with malware and gain sensitive information, virtually effortlessly.

A phishing attack is when cyber criminals make a targeted attempt through email to trick individuals into opening links, providing sensitive information or downloading attachments with malicious software.

Phishing attempts are becoming more sophisticated and ever more frequent. For instance, more than 70 percent of targeted cyberattacks in 2017 involved the use of phishing emails, according to the Symantec Internet Security Threat Report 2018. That same report found that 7,710 businesses were hit by a scam each month in 2017.

Infomax recommends employees undergo regular training on how to recognize a phishing attack and stay aware of the latest scams. We offer regular cybersecurity training through our Complete Cloud and iGuard Managed IT services. Here are our tips on how to spot an email phishing attack.

Sender asks for personal information

Hackers have become very sophisticated, and an email can arrive in your inbox that looks authentic, mirroring the email interface of yours or another company. However authentic the email looks, a mental red flag should be raised if the individual is asking you to provide or confirm personal information. Whether it’s from an alleged human resources representative asking for your personal identification or an internal or external sender asking for financial information, you can’t be sure who may see your data once you hit the send button.

Trusted sources will never require you to email sensitive personal or business information because they know how easily accessible that information is to hackers. A trusted organization will encourage you to call a number, send mail or visit a separate, secured online platform. 

Email contains unfamiliar links

Similar to mirroring an email, hackers create false webpages that mimic real sites. When you’re prompted to enter information, such as a password, into the fake site, cyber criminals gain access to your and your organization’s information. They can also create malicious links that resemble real web addresses you or other employees frequent, hoping those who open an email don’t look too closely at a URL before they click.

Instead of clicking links train yourself and your colleagues to read a link in an email, checking it against the frequented URL in a web browser. Additionally, hover over and read the web address of links concealed within the text of the email.

Email is poorly written

An easy way to spot a phishing attack is if it contains awkward phrasing, rampant misspellings and grammatical errors. Emails from legitimate companies reflect the professionalism of those who work there. Before proceeding, those on the receiving end also should check that the email address from the sender is legitimate, not containing additional words or characters that readers may not notice on first glance.

Suspicious attachments are included

Never click on or download email attachments that look suspicious or that you are not expecting. The attachment could be a malicious URL or virus that can corrupt the user’s computer and lead hackers into the company’s network. Your business should invest in antivirus software that will scan for suspicious attachments. Employees should also verify attachments with senders by emailing them on a separate thread, calling them or messaging them in another way.

Remember not to give in to pressure from an unknown sender and always take time to consider the information received in an email before reacting. To secure training for your organization, contact us today.

Regular cybersecurity training for employees keeps your business safe

Despite businesses’ best efforts to use encrypted networks, firewalls and other cybersecurity measures, cybercriminals hack millions of networks each year, and cyberattacks are still on the rise. The majority of successful cyberattacks on companies originate through emails. Infomax knows that training employees to recognize cybersecurity threats is a necessity.

Not only is it imperative to protect a business’ confidential data and documents, but protecting against cyberthreats also saves a company’s finances. For instance, ransomware — a type of malicious software or malware that denies user access until a ransom is paid — is forecast to cost U.S. companies and organizations about $11.5 billion in 2019, according to Cybersecurity Ventures.

“We can put out lots of safeguards to make the company secure, but it doesn’t matter if employees don’t know what to do,” said Doug Postel, Infomax’s IT director. “In about 80 percent of ransomware cases, it’s not the technology that gets hacked — it’s the person.”

Doug walks us through how to train employees to recognize cyberthreats.

Regular training

Periodic training is key to keeping companies safe from the latest cyberthreats. Cybercriminals are extremely tech savvy, organized and always advancing their tactics. At Infomax, we keep track of trends so our clients don’t have to. We send regular training tips and tests to our iGuard Managed IT services clients so they can keep up to date. Training often includes a video or a timely examination of a recent security breach in the news.

“We look at a breach that’s happened, how to prevent it and what to look out for,” Doug said.  “There are new threats every day. If you’re not in a subscription mode where you’re getting updates to threats constantly, you’re leaving yourself vulnerable.”

Careful downloading

Approximately 92 percent of malware is delivered through email phishing, according to  Verizon’s 2018 Breach Investigations Report. It’s imperative to teach employees about safely receiving and downloading email files. Many companies use filtering systems for emails, but they aren’t 100 percent foolproof, Doug said.

Cisco’s 2018 Annual Cybersecurity Report found that in 2017 hackers most often used Microsoft Office formats — such as Word, PowerPoint and Excel — to hide malware. Other files hackers often used included .zip and .jar files, as well as PDFs. As a general rule, employees shouldn’t download any files from an email that they weren’t expecting to receive.

Caution clicking

About 91 percent of cyberattacks originate through phishing emails, according to research by PhishMe. To test employees, Infomax often sends test emails similar to phishing attempts employees could receive. Phishing emails are often sent from email domains that have one or two letters off from a company’s actual email, or the email address will include “.org” or “.net” instead of instead of the accurate domain.

Emails prompt employees to click a link that will take them to an unsecured website or download malware. Some links will mirror accurate website employees frequently visit. The imposter sites prompt employees to sign into their accounts, allowing hackers to gain secure passwords.

Similar to downloading documents, employees should only click on links they were expecting to receive and that they thoroughly inspect, checking email domains and links against past emails they have received. A telltale sign of phishing attempts is that they often try to send recipients into a panic by including an urgent warning. Additionally, it’s always safer to navigate to a website you have previously visited rather than to click on a potentially phony link through an email.

Administrator support

It’s important to have a company culture that reinforces cybersecurity efforts. Business administrators can ask Infomax to train and test employees on cybersecurity efforts. Managers will receive a countback of who has participated in that training.

“If an employee fails a test, it’s a chance for us to reinforce that the error could have cost the company tens of thousands of dollars,” Doug said. “It’s a great chance to provide further training.”

To tighten up your workplace’s security, contact us today.

“We take the headaches off of the business owner,” Doug said.

Email Best Practices to Keep Your Office Secure

Businesses are constantly targeted by cyber attackers using malicious emails to gain access to their systems. Ransomware in particular poses an enormous threat to organizations, becoming by far the most common form of malware today. Cyber attackers use it to lock down an unsuspecting recipient’s files and deny access to infected data until the victim pays a ransom. As an added bonus, ransomware has evolved to enable criminals to steal personal or financial information from the victim’s system as well, increasing the impact of an infection.

So, how can you ensure email security to protect yourself?

As humans are the weakest link in any company’s security, the first step to protecting itself is through education. Keep up-to-date on the latest cybersecurity trends and inform staff members of the various types of threats out there today. Stress how serious these threats are to your team, that they can and will likely be exposed to them, and how they can avoid falling prey to them.

The best way for users to protect themselves is by exercising caution in their email inbox. Never, ever, open an attachment or click on a link in an email from someone you don’t know, especially if it seems out of context. If you’re suspicious, contact your IT department before proceeding.

In addition, hackers are adept at spoofing who an email is coming from, making them appear to be sent by someone you know. If someone asks you to provide sensitive information via email, do not trust them. Verify their request by telephone or another form of communication before providing this information.

Perhaps the most effective defense against threats such as ransomware is to frequently back up your data. Even if a business does pay the ransom, there is no guarantee that the hackers will release the files being held hostage. By consistently backing up your data, you can avoid paying the ransom by simply restoring your files.

Hackers are skilled and shrewd enough to bypass SPAM filters and email security. Don’t let them lull you into a false sense of security that leaves you and your business vulnerable. Contact Infomax today to learn more about email best practices and our dedicated security solutions.

How Safe Is Your Email System?

Everyone thinks they understand email security—don’t open emails from unknown senders, don’t click on suspicious links, don’t open untrustworthy attachments. But email security goes beyond common sense. To protect your business, and your employee and client data, you need to ensure proper email safeguards are in place before your email system s compromised. It’s important to ask the question: “Is your email system really secure?”

Here are several ways you can protect and defend your email system.

  • Consistent email policies. There is strength in unity. Therefore, it is essential that your employees are all on the same page when it comes to email. With just one chink in the armor, your defenses are lowered. Be sure that every employee is on the same page when it comes to email protocol, and then backup your policies with automatic safeguards to ensure compliance.
  • Reliable email filtering. Email filtering is absolutely vital in protecting your company’s sensitive materials. At Infomax, our iGuard core email filtering will recognize and eliminate nearly all viruses, worms, and other intrusions before they present lasting problems.
  • Efficient archiving. If not properly regulated, email archiving can become haphazard and headache inducing. Be sure that your emails are properly archived, so that they are easily retrieved in case of an audit. This will streamline a business process that will benefit your clients, as well as your personnel.
  • Thorough message encryption. Email encryption can help protect your business from prying eyes, both inside and outside your business’ walls. Using specific policy criteria, encrypted messages are sent automatically. This way, your valuable information is kept out of the wrong hands.
  • Dependable disaster recovery. Protecting your inbox from unexpected events is essential. When disaster strikes, be sure there is a reliable recovery system in place. For example, a system that provides auto-spooling of messages will ensure that your email is not thrown to the wolves if something goes wrong.
  • Guaranteed Continuity. When it comes to email, continuity matters. Email management and monitoring ensures that if your system goes down, your email system continues without interruption through a remote, redundant server. This way, your workflows do not come to a grinding stop in the event of an unforeseen problem.

To learn more about how to properly secure your email system, contact Infomax today!

The True Value of On-Site Service

Servicing your IT network is not a one-size-fits-all scenario. Although remote monitoring serves many valuable functions, nothing replaces the need for occasional on-site service. Ideally, servicing your IT network should be a balance between remote monitoring and on-site service. This way, your business can run as smoothly as possible.

Here are some IT functions that require on-site service, and provide innumerable benefits to your business:

  • IT Road mapping. It’s hard to get anywhere without directions, and a good technology road map will help your business get to the next step. A technology road map ensures that your business is not blindly moving forward in the digital age, but is instead adapting in ways that best suit your business needs. Technology road maps are updated quarterly, so that your business is always headed in the right direction.
  • Email security. Email correspondence is one of the most important forms of communication these days. Make sure this important facet of your business is fully protected, using encryption, filtering methods, and other security options tailored to your business needs.
  • Disaster recovery. Let’s face it. No one likes to think about disaster striking. Fortunately, Infomax takes much of the thinking out and simplifies your recovery plan. Furthermore, with effective and reliable backup plans, you will be able to access those lost or damaged files quickly.
  • The latest software. Infomax provides the most cost-efficient software solutions available. Whether it’s a firewall, filters, or application controls, Infomax will keep your business properly monitored and protected. You will never have to worry that your software is out of date.
  • Mobile security. Mobile devices help businesses function from anywhere at any time. For that reason, they should be as protected as your in-house equipment. Mobile device management will streamline your devices, be they mobile phones or tablets, so that sensitive information is fully protected across all platforms.

As you can see, on-site services are a vital part of your IT strategy. Infomax can help secure your business from the inside out. Contact us today to learn more.