
How to Spot a Phishing Attack Through Email

It’s hard to imagine doing business in the 21st Century without email. It’s provided us with an instant tool for communication and an easy system for archiving information. Email has also given hackers a channel through which they can launch a phishing attack, infect an organization’s servers with malware and gain sensitive information, virtually effortlessly.

A phishing attack is when cyber criminals make a targeted attempt through email to trick individuals into opening links, providing sensitive information or downloading attachments with malicious software.

Phishing attempts are becoming more sophisticated and ever more frequent. For instance, more than 70 percent of targeted cyberattacks in 2017 involved the use of phishing emails, according to the Symantec Internet Security Threat Report 2018. That same report found that 7,710 businesses were hit by a scam each month in 2017.

Infomax recommends employees undergo regular training on how to recognize a phishing attack and stay aware of the latest scams. We offer regular cybersecurity training through our Complete Cloud and iGuard Managed IT services. Here are our tips on how to spot an email phishing attack.

Sender asks for personal information

Hackers have become very sophisticated, and an email can arrive in your inbox that looks authentic, mirroring the email interface of your company or another company. However authentic the email looks, a mental red flag should be raised if the individual is asking you to provide or confirm personal information. Whether it’s from an alleged human resources representative asking for your personal identification or an internal or external sender asking for financial information, you can’t be sure who may see your data once you hit the send button.

Trusted sources will never require you to email sensitive personal or business information because they know how easily accessible that information is to hackers. A trusted organization will encourage you to call a number, send mail or visit a separate, secured online platform. 

Email contains unfamiliar links

Similar to mirroring an email, hackers create false webpages that mimic real sites. When you’re prompted to enter information, such as a password, into the fake site, cyber criminals gain access to your and your organization’s information. They can also create malicious links that resemble real web addresses you or other employees frequent, hoping those who open an email don’t look too closely at a URL before they click.

Instead of clicking links, train yourself and your colleagues to read each link in an email and check it against the URL you normally visit in a web browser. Additionally, hover over links concealed within the text of the email and read the web address.

Email is poorly written

An easy way to spot a phishing attack is if it contains awkward phrasing, rampant misspellings and grammatical errors. Emails from legitimate companies reflect the professionalism of those who work there. Before proceeding, those on the receiving end also should check that the email address from the sender is legitimate, not containing additional words or characters that readers may not notice on first glance.

Suspicious attachments are included

Never click on or download email attachments that look suspicious or that you are not expecting. The attachment could be a malicious URL or virus that can corrupt the user’s computer and lead hackers into the company’s network. Your business should invest in antivirus software that will scan for suspicious attachments. Employees should also verify attachments with senders by emailing them on a separate thread, calling them or messaging them in another way.

Remember not to give in to pressure from an unknown sender and always take time to consider the information received in an email before reacting. To secure training for your organization, contact us today.

Regular cybersecurity training for employees keeps your business safe

Despite businesses’ best efforts to use encrypted networks, firewalls and other cybersecurity measures, cybercriminals hack millions of networks each year, and cyberattacks are still on the rise. The majority of successful cyberattacks on companies originate through emails. Infomax knows that training employees to recognize cybersecurity threats is a necessity.

Not only is it imperative to protect a business’ confidential data and documents, but protecting against cyberthreats also saves a company’s finances. For instance, ransomware — a type of malicious software or malware that denies user access until a ransom is paid — is forecast to cost U.S. companies and organizations about $11.5 billion in 2019, according to Cybersecurity Ventures.

“We can put out lots of safeguards to make the company secure, but it doesn’t matter if employees don’t know what to do,” said Doug Postel, Infomax’s IT director. “In about 80 percent of ransomware cases, it’s not the technology that gets hacked — it’s the person.”

Doug walks us through how to train employees to recognize cyberthreats.

Regular training

Periodic training is key to keeping companies safe from the latest cyberthreats. Cybercriminals are extremely tech savvy, organized and always advancing their tactics. At Infomax, we keep track of trends so our clients don’t have to. We send regular training tips and tests to our iGuard Managed IT services clients so they can keep up to date. Training often includes a video or a timely examination of a recent security breach in the news.

“We look at a breach that’s happened, how to prevent it and what to look out for,” Doug said. “There are new threats every day. If you’re not in a subscription mode where you’re getting updates to threats constantly, you’re leaving yourself vulnerable.”

Careful downloading

Approximately 92 percent of malware is delivered through email phishing, according to Verizon’s 2018 Breach Investigations Report. It’s imperative to teach employees about safely receiving and downloading email files. Many companies use filtering systems for emails, but they aren’t 100 percent foolproof, Doug said.

Cisco’s 2018 Annual Cybersecurity Report found that in 2017 hackers most often used Microsoft Office formats — such as Word, PowerPoint and Excel — to hide malware. Other files hackers often used included .zip and .jar files, as well as PDFs. As a general rule, employees shouldn’t download any files from an email that they weren’t expecting to receive.

Caution clicking

About 91 percent of cyberattacks originate through phishing emails, according to research by PhishMe. To test employees, Infomax often sends test emails similar to phishing attempts employees could receive. Phishing emails are often sent from email domains that have one or two letters off from a company’s actual email, or the email address will include “.org” or “.net” instead of the accurate domain.

Emails prompt employees to click a link that will take them to an unsecured website or download malware. Some links will mirror legitimate websites employees frequently visit. The imposter sites prompt employees to sign into their accounts, allowing hackers to gain secure passwords.

Similar to downloading documents, employees should only click on links they were expecting to receive and that they thoroughly inspect, checking email domains and links against past emails they have received. A telltale sign of phishing attempts is that they often try to send recipients into a panic by including an urgent warning. Additionally, it’s always safer to navigate to a website you have previously visited rather than to click on a potentially phony link through an email.
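The two sender-domain signs described above, a domain that is one or two letters off and a swapped ending such as “.net”, can be checked automatically against a list of domains the company actually uses. This is an added example rather than Infomax's test tooling; the trusted list, the sample senders and the function names are constructed, and the domain is split at the last dot instead of using a public-suffix list.

```python
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted_domains):
    """Return (verdict, trusted domain it resembles or None) for a From: value."""
    address = parseaddr(from_header)[1]          # drops the display name
    domain = address.rpartition("@")[2].lower()
    if domain in trusted_domains:
        # Exact match only; a spoofed From: still needs SPF/DKIM/DMARC checks.
        return ("trusted", domain)
    name, _, tld = domain.rpartition(".")
    for good in sorted(trusted_domains):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return ("tld-swap", good)            # right name, wrong ending
        if tld == good_tld and 1 <= edit_distance(name, good_name) <= 2:
            return ("lookalike", good)           # one or two letters off
    return ("unknown", None)

# Constructed inputs for illustration only.
TRUSTED = {"example.com"}
SAMPLE_SENDERS = [
    "alice@example.com",
    "Payroll <payroll@examp1e.com>",
    "it@example.net",
    "news@vendor.org",
]

def triage(senders=SAMPLE_SENDERS, trusted=TRUSTED):
    """Map each sender to its verdict so suspicious ones can be reviewed first."""
    return {s: classify_sender(s, trusted)[0] for s in senders}
```

Very short domain names produce false positives at a distance of two, so treat "lookalike" as a prompt for manual review.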

Administrator support

It’s important to have a company culture that reinforces cybersecurity efforts. Business administrators can ask Infomax to train and test employees on cybersecurity efforts. Managers will receive a countback of who has participated in that training.

“If an employee fails a test, it’s a chance for us to reinforce that the error could have cost the company tens of thousands of dollars,” Doug said. “It’s a great chance to provide further training.”

To tighten up your workplace’s security, contact us today.

“We take the headaches off of the business owner,” Doug said.