Keep Your Business Technology Safe From Evolving Phishing Attacks
Cybercriminals have been using phishing attacks for years, tunneling into business systems and data when unwary staff members click a link in emails or open an attachment. While most IT departments have now trained staff members to be on the lookout for this type of attack, hackers are also evolving their approach. These newest attacks are taking advantage of new vulnerabilities in systems, but also taking advantage of the trust of staff members to launch an attack. One of the latest ways that these crafty criminals are delivering their malware payload is by disguising the files as a voicemail recording that is delivered to a user’s inbox — a common occurrence with today’s advanced telecommunications platforms. Here are some of the ways you can help your staff identify a malicious email, report it and delete it before your business suffers the consequences.
Email is the Weakest Link in Your Business Security
Phishing is defined as “A type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source”, according to the Federal Trade Commission (FTC). With estimates showing that 1 in every 99 emails is now a scam, it’s nearly impossible to create automated tools that can filter out all of these attacks. Instead, these emails tend to cause disruption to the productivity of your staff, significantly damage the reputation of your business and even result in a loss of revenue due to the consumer impact.
Training Your Staff to Spot a Phishing Email
When phishing emails became a problem back in the mid-1990s, it was relatively easy to spot these fraudulent emails. They were often poorly spelled and encouraged the reader to send money to relatives in faraway lands or log in to their online accounts and “confirm” contact details. From these early origins, phishing has become increasingly sophisticated and much more difficult for users to identify. Sharing these tips with your staff members may help reduce the possibility of falling victim to a phishing email:
- Hover over the email address and domain of an email that has a questionable request from internal staff members or trusted vendors. Hackers are notorious for masking email addresses, making them appear to be from a trusted contact when the email is actually being sent from a spammer’s email address.
- Be wary of poor personalization. Scammers are equal-opportunity attackers, and are always looking for shortcuts that allow them to target multiple people at once. Personalization that contains a name you rarely use, or is addressed to “Valued Customer” from your bank should be viewed with a great deal of suspicion and caution.
- Don’t panic — even if the email makes it sound like there’s an immediate issue with a key account. One of the latest tricks by these nefarious individuals is to make it sound as though your social media account has been hacked, recommending that you immediately click the link to confirm that your information is secure.
- Unless you are expecting an invoice or other attachment from a vendor or internal staff member, be extremely cautious when viewing attachments. Even a preview of the file inside Microsoft Outlook may be enough to show you whether the item is safe to open.
When considering phishing emails, encourage staff to protect the business by reporting any unusual email activity that appears to come from outside the organization.
While it’s impossible to predict what the next round of phishing attacks or ransomware will look like, it is possible to help reduce the possibility of an attack on your organization. Unfortunately, it can take businesses up to six months to identify that they have been the victim of a cybersecurity breach which makes it vital to actively review whether your information is available for sale on the dark web. When you are ready to learn if your business or personal information has been targeted, email MBowe@onsitecomputersinc.com for a free dark web scan. You can always contact the experts at On-Site Computers at 833-250-7170 for more information or fill out a quick online form to request a complimentary initial consultation to determine your cybersecurity readiness level.
| Published on October 16, 2019