Posts

How to Spot a Phishing Attack Through Email

It’s hard to imagine doing business in the 21st Century without email. It’s provided us with an instant tool for communication and an easy system for archiving information. Email also has given hackers a portal through which they can employ a phishing attack and infect an organization’s servers with malware and gain sensitive information, virtually effortlessly.

A phishing attack is when cyber criminals make a targeted attempt through email to trick individuals into opening links, providing sensitive information or downloading attachments with malicious software.

Phishing attempts are becoming more sophisticated and ever more frequent. For instance, more than 70 percent of targeted cyberattacks in 2017 involved the use of phishing emails, according to the Symantec Internet Security Threat Report 2018. That same report found that 7,710 businesses were hit by a scam each month in 2017.

Infomax recommends employees undergo regular training on how to recognize a phishing attack and stay aware of the latest scams. We offer regular cybersecurity training through our Complete Cloud and iGuard Managed IT services. Here are our tips on how to spot an email phishing attack.

Sender asks for personal information

Hackers have become very sophisticated, and an email can arrive in your inbox that looks authentic, mirroring the email interface of yours or another company. However authentic the email looks, a mental red flag should be raised if the individual is asking you to provide or confirm personal information. Whether it’s from an alleged human resources representative asking for your personal identification or an internal or external sender asking for financial information, you can’t be sure who may see your data once you hit the send button.

Trusted sources will never require you to email sensitive personal or business information because they know how easily accessible that information is to hackers. A trusted organization will encourage you to call a number, send mail or visit a separate, secured online platform. 

Email contains unfamiliar links

Similar to mirroring an email, hackers create false webpages that mimic real sites. When you’re prompted to enter information, such as a password, into the fake site, cyber criminals gain access to your and your organization’s information. They can also create malicious links that resemble real web addresses you or other employees frequent, hoping those who open an email don’t look too closely at a URL before they click.

Instead of clicking links train yourself and your colleagues to read a link in an email, checking it against the frequented URL in a web browser. Additionally, hover over and read the web address of links concealed within the text of the email.

Email is poorly written

An easy way to spot a phishing attack is if it contains awkward phrasing, rampant misspellings and grammatical errors. Emails from legitimate companies reflect the professionalism of those who work there. Before proceeding, those on the receiving end also should check that the email address from the sender is legitimate, not containing additional words or characters that readers may not notice on first glance.

Suspicious attachments are included

Never click on or download email attachments that look suspicious or that you are not expecting. The attachment could be a malicious URL or virus that can corrupt the user’s computer and lead hackers into the company’s network. Your business should invest in antivirus software that will scan for suspicious attachments. Employees should also verify attachments with senders by emailing them on a separate thread, calling them or messaging them in another way.

Remember not to give in to pressure from an unknown sender and always take time to consider the information received in an email before reacting. To secure training for your organization, contact us today.

31 Flavors: A Variety of Email Threats to Beware of

Every business relies on email to communicate effectively. Unfortunately, email-centralized cyberattacks are a growing trend around the world. For this reason, businesses of all sizes are focusing on email security more than ever before. There are many ‘flavors’ of email threats out there with the potential to harm your network. Let’s take a look at a few of the most common types that are making the rounds in 2017.

Phishing
Phishing attacks are becoming increasingly popular. This is when a cybercriminal impersonates a business or person with the intent to steal personal data or login credentials. It’s usually in the form of an ‘urgent’ message that attempts to scare users into giving up vital information. Defensive technology is important to prevent employees from falling victim to phishing; however, do not overlook the importance of ongoing education and awareness for all users on your network.

Spear Phishing
This type of attack is on the rise in the ever-growing world of social media. Attackers create fake profiles on social media sites to gather information on unsuspecting users. This information is then used in email attacks. It is again important for users to be educated on how to safely navigate social media sites, especially in the workplace.

Ransomware
Ransomware has frequently been in the headlines over the past year or so as more and more businesses, hospitals, and government agencies fall victim to these attacks. Ransomware is a type of malware that encrypts the victim’s data and blocks access to it until a specified amount of money—a ‘ransom’— is paid. This epidemic is spreading quickly through emails that contain malicious links or attachments.

User awareness is an important component of protecting your business from these types of attacks. Along with this awareness, defensive technology also needs to be in place to balance out the risk of human error. Cybercriminals are constantly trying to fool users with new schemes; blocking these malicious emails from your network is your best bet to remain secure. For more information on how to protect your business from email threats such as phishing, spear phishing, and ransomware, contact Infomax Office Systems today.