How to Protect against Phishing email scams

Being Protected from scams

Phishing scams are one of the most popular tools in a cyber criminal’s arsenal today, given the ease with which they can deliver their attack through the relatively undefended route of email.

Email breaches come in a variety of forms, but predominantly involve the use of a false identity – creating trust between the recipient and the hacker – with the intent of duping the victim into unknowingly sharing sensitive information or opening a malicious file on their computer.

Deception is, of course, the key to a successful phishing attack – this trust is used to draw the victim into clicking on a link embedded within the email, which will often load a website posing as a brand entity or company likely known to the email recipient. The scammers go into extensive detail to impersonate individuals and entities that you or your team are likely to trust, so that you’ll comply with their requests. Familiar names such as Netflix, your bank or governmental departments will often be used – with a message requiring the user to act urgently in updating their credit card information or sharing their login credentials.

While most cyber criminals want to gain access to your systems or to compromising and sensitive information for financial gain, some do it for the pure goal of causing chaos.

Methods of the Phishing Scammer

There are technical solutions designed with the intention of blocking phishing attempts, but the most important and first line of defense is ‘the Human Firewall’. Your team needs to know what to look out for if a scammer slips through the net into their inbox.

Your team’s first reaction to any and every email they receive must be to distrust it, until they can verify its legitimacy.

Deceptive Phishing, as described above, not only impersonates an organization you trust but also urges you to take immediate action. The email may contain a message along the lines of “Click link to verify identity” or “Unverified account log in, click link to identify.” Or it may appear to be helping you avoid something bad, when the email itself is the thing to avoid. Messages such as these are often accompanied by a link to a login portal designed to harvest account details.

Spear Phishing is a more targeted technique whereby the cybercriminal performs background research on the victim in order to pose as an individual or entity known to them personally. These criminals are not lazy – they will do whatever research they need before beginning an attack. Fraudsters can gather an extensive amount of information from social media profiles so that you’ll believe the message comes from someone you know and trust. Scams of this nature have a higher chance of success because victims may not think they’d be targeted personally.

CEO Fraud is where the scammer impersonates a company CEO or other high-status person. Armed with publicly sourced information about the CEO they’re impersonating, they communicate with company employees asking them to perform tasks and transactions that would normally be unauthorized. The cyber criminals invent stories as to why the requests are valid in the hope that your team complies. Would you disobey and slow down the boss’s workday? You wouldn’t think twice if the source seemed genuine.

Cloning involves creating an identical copy of a previously sent email from a legitimate sender. This time, however, any of the links contained within the original email will be replaced with malicious ones.

Pharming involves directing users toward fake websites set up to steal login credentials and other forms of sensitive information. Cyber criminals may use viruses to direct individual users towards the rogue site – but this method does involve infecting the user’s computer beforehand, which can be difficult.

3 Ways to Avoid Phishing Attacks

With their techniques getting more sophisticated by the day, and with their manipulative talents and clever tricks, anyone can fall prey to Phishing scams. You must always proceed with care, examine links closely, and if you are in doubt, delete.

Pay close attention to URLs. If you find yourself redirected to a site from an email, take a moment to look at the URL and compare it to what you would expect. Look out for anything out of the ordinary: slight misspellings, extra words, or unnecessary hyphens in the domain name, for example. Also check that the ‘top-level domain’ is what you expect. For example, if you expect ‘.com’ but you see ‘.fr’, then something is not quite right. As we said, if in doubt, just close your window, and if you need to visit that site, enter the correct URL manually.

Know your bank and the way it operates. Do some research, or even contact your bank directly, to learn how they will contact you in the event of an emergency. Any reputable financial institution will tell you exactly how they will get in touch, so that you can distinguish legitimate communications from fraudulent ones.

Do not reveal too much! A massive, publicly available social media presence is a goldmine to fraudsters, and they will use it to gain access to sensitive information. Apply privacy settings and keep things like your friends list, phone numbers and your date of birth viewable only to people you know and trust.

mPowered IT – Ensuring Cyber Security for Your Business

mPowered IT is your go-to proactive partner in keeping IT systems secure and defended. We never leave things to chance or wait for a problem to arise – predicting and preparing for the threats of tomorrow will help ensure your valuable data is protected and your business continuity maintained.

Learn to Spot Phishing Emails

Avoid the spread of ransomware by learning to avoid malicious emails. Most phishing attacks can be stopped with a little diligence and awareness. Don’t let one bad click bring down your company!

Can you spot…

…use of a trusted name?

…an almost legitimate sender address?

…a generic greeting?

…attempts to create urgency?

…a suspicious attachment?

…a malicious link?

…generally unprofessional look and feel?

Train for phishing awareness

WATCH FOR GENERIC CONTENT AND GREETINGS

Greetings like “Dear valued customer” or “Important client” are a bad sign. If neither you nor your company is identified by name at the beginning of the email, be suspicious.

NOTICE MISSPELLINGS, INCORRECT GRAMMAR, & ODD PHRASING

Phishing emails from other countries (which is the majority of them) often contain poor grammar and misspelled words.

URGENCY IS THEIR MOST POWERFUL TOOL

Scammers have known this for ages: if you make someone panic or hurry, it’s much easier to make them slip up.

MANUALLY CHECK ALL LINKS

Mouse over every link to check the URL you’ll be sent to. If you don’t know for sure that it’s safe, don’t take the chance.

EXAMINE THE SENDER’S EMAIL ADDRESS

Scammers use email addresses that look almost like legitimate email servers. Be wary of addresses like “@microsoft.custsupport.com” or “@ups-service.com”, where the trusted brand name appears only as a subdomain or with an extra word attached and the real domain is something else entirely.

ONLY INPUT DATA ON SECURE WEBSITES

Any webpage where you enter personal information should have a URL beginning with https://.
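The checklist above (and the URL advice in “3 Ways to Avoid Phishing Attacks”) can be turned into a small, deterministic triage script, which is useful for showing staff what the checks actually mean. The following Python is an added example written for this page; it is not code from mPowered IT. It assumes a constructed allow-list of brand domains (`TRUSTED_DOMAINS`), constructed greeting and urgency phrase lists, a constructed sample message modelled on the “new activity in Teams” lure described later on this page, and that only the last two labels of a hostname identify its owner (so multi-part suffixes such as `co.uk` are not handled). All attacker-style hostnames in the sample use the reserved `.example` top-level domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allow-list: the brands this organisation genuinely receives mail and links from.
TRUSTED_DOMAINS = ("microsoft.com", "ups.com", "netflix.com")
# Constructed phrase lists for the "generic greeting" and "urgency" checks.
GENERIC_GREETINGS = ("dear valued customer", "dear customer", "important client", "dear user")
URGENCY_PHRASES = ("immediately", "urgent", "within 24 hours",
                   "account will be suspended", "verify your identity")
LINK_RE = re.compile(r"https?://[^\s\"'<>]+")


def check_host(host, trusted=TRUSTED_DOMAINS):
    """Return reasons a hostname looks like an imitation of a trusted domain ([] = no concern).
    Assumption: the last two labels are the owner's domain (no multi-part public suffixes)."""
    host = host.lower().rstrip(".")
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return []                                   # exact match or a genuine subdomain
    labels = host.split(".")
    if len(labels) < 2:
        return [f"{host}: not a fully qualified hostname"]
    owner, tld = labels[-2], labels[-1]
    findings = []
    for t in trusted:
        t_name, t_tld = t.split(".", 1)
        if owner == t_name and tld != t_tld:        # netflix.example instead of netflix.com
            findings.append(f"{host}: expected .{t_tld} but got .{tld}")
        elif t_name in labels[:-2]:                 # microsoft.custsupport.example
            findings.append(f"{host}: '{t_name}' is only a subdomain of {owner}.{tld}")
        elif t_name in owner:                       # ups-service.example (plain substring test:
            findings.append(f"{host}: '{owner}' is a variant of '{t_name}'")  # netf1ix would NOT match)
    return findings


def check_url(url, trusted=TRUSTED_DOMAINS):
    """Apply the 'https only' rule and the hostname checks to one link."""
    parsed = urlparse(url)
    findings = []
    if parsed.scheme != "https":
        findings.append(f"{url}: not https, never enter data here")
    if parsed.hostname:
        findings.extend(check_host(parsed.hostname, trusted))
    else:
        findings.append(f"{url}: no hostname")
    return findings


def analyze_email(raw, trusted=TRUSTED_DOMAINS):
    """Run the checklist over a raw single-part text message and group the findings by check.
    (A production parser would walk multipart bodies and decode each part; kept simple here.)"""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2]
    body = msg.get_payload()
    text = body.lower()
    return {
        "sender": check_host(sender_domain, trusted) if sender_domain else ["missing sender address"],
        "generic_greeting": any(text.lstrip().startswith(g) for g in GENERIC_GREETINGS),
        "urgency": [p for p in URGENCY_PHRASES if p in text],
        "links": {u: check_url(u, trusted) for u in LINK_RE.findall(body)},
    }


# Constructed sample modelled on the "There's new activity in Teams" lure; every suspicious
# hostname uses the reserved .example TLD so nothing here points at a real site.
SAMPLE_EMAIL = """\
From: Microsoft Teams <noreply@microsoft.custsupport.example>
To: employee@example.com
Subject: There's new activity in Teams

Dear valued customer,

Your co-workers are trying to reach you. Reply in Teams within 24 hours
or your account will be suspended:
http://teams.microsoft.custsupport.example/login
https://microsoft.example/login
https://login.microsoft.com/
"""


def main():
    report = analyze_email(SAMPLE_EMAIL)
    print("sender:", report["sender"])
    print("generic greeting:", report["generic_greeting"])
    print("urgency phrases:", report["urgency"])
    for url, findings in report["links"].items():
        print(url, "->", findings or ["ok"])
    print(check_host("ups-service.example"))    # hyphenated variant of ups.com


if __name__ == "__main__":
    main()
```

Running it flags the sender (brand name used only as a subdomain), the generic greeting, two urgency phrases, and two of the three links, while the genuine `login.microsoft.com` link passes. Two caveats a practitioner should keep in mind: the substring test for “variants” is deliberately loose and will also flag innocent names that happen to contain a brand string, and the `https://` check only tells you the connection is encrypted, not that the site is genuine, so the hostname checks still apply to every https link.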

For ways to protect your small business, call mPowered IT at 678-389-6200 or visit mpoweredit.com.

17 Important Cybersecurity Stats for Small Business Owners

Cybersecurity is a complex subject, which makes many businesses hesitate to fully address it. Don’t be one of them.

Cybersecurity Statistics

The first step to understanding the importance of cybersecurity is to realize the number and type of current threats, the potential damages they can cause to your business, and the common mistakes that increase cyber risk.

1. It’s predicted that, by 2021, cybercrime will cost the world $6 trillion annually.

2. On average, a cyberattack is carried out every 39 seconds.

3. 1 in 323 emails sent to small businesses involve malicious links or a phishing attempt.

4. 95% of cybersecurity breaches can be traced back to human error.

5. The average cost of a data breach in 2021 will exceed $150 million.

6. 60% of small businesses that fall victim to a cyberattack go out of business within six months.

7. 56% of Americans are unsure how to respond in the event of a data breach.

8. On average, SMBs experience 8+ hours of downtime during a breach.

9. 62% of SMBs lack the in-house skills to handle cybersecurity.

10. 21% of business data folders are not encrypted or access controlled in any way.

Ransomware Threats

Ransomware is still one of the most common threats to businesses in 2021. Typically spread through seemingly harmless emails, ransomware can easily make its way into your network and lock access to your systems and data.

11. 63% of ransomware victims in 2019 were small businesses.

12. During 2019, in the US, ransomware infected 113 state and municipal governments and agencies, 764 healthcare providers, and 89 universities, colleges, and school districts.

Data Backup and Disaster Recovery

Every business should have a data backup solution in place, regardless of size or industry. With technology playing such a huge role, the prospect of losing files or being denied access to your own systems is costly — and could be devastating.

13. Only 21% of SME companies have a full disaster recovery plan.

14. The average cost of downtime to a business is $5,600 per minute.

15. The most common causes of data loss are hardware/system failure (31%), human error (29%), and viruses, malware, or ransomware (29%).

16. A simple drive recovery can cost upwards of $7,500, and success is not guaranteed.

17. 58% of SMBs say they test their disaster recovery plan just once a year or less, while 33% say they test infrequently or never at all.

Protect Your Company Against “Notification” Phishing Schemes

Cloud-based office productivity solutions, including Microsoft 365 (formerly Office 365), enable remote workers to communicate, collaborate, and work from anywhere. Unfortunately, cybercriminals are using these productivity apps to breach organizational networks. One of the attacks currently making the rounds is a phishing scheme that leverages the automated notifications that Microsoft apps send to employees whenever they’re mentioned in a group chat or a document.

Microsoft Teams Phishing Scheme

SC Magazine reports on a phishing scheme targeted at users of Microsoft Teams, a group communication and chat tool. Employees receive an email with the subject line “There’s new activity in Teams.” The body of the email notifies them that their co-workers are trying to reach them and contains three hyperlinks: “Microsoft Teams,” “[contact] sent a message in instant messenger,” and “Reply in Teams.”

The email is designed to look like legitimate communication from Microsoft, the type that remote employees receive all day long. If the employee clicks on any of the links, they’re taken to a phishing website that looks like the real Microsoft login page. Should the employee not realize that they’ve landed on a phishing page and enter their login credentials, those credentials, as well as any other information stored on their account, will immediately be compromised.

Protecting Your Company from Notification Phishing Scams

  • Advise your employees not to blindly click on notification emails, even if they seem to come from a legitimate vendor like Microsoft or Google. Yes, we get a lot of them, all day long, but it’s important to read them carefully. If the recipient doesn’t recognize the document they were tagged in, they should contact the person who allegedly sent it and verify that the notification is legitimate.
  • Require that employees use multi-factor authentication (MFA, often called 2FA) on all accounts that support it. With MFA enabled, even if an employee’s credentials are compromised, cybercriminals won’t be able to access the account without the second authentication factor.


Phishing Simulation & Security Awareness Training

Your employees are your first and primary line of defense against online crime. Equip them with the knowledge and skills they need to protect themselves – and your business – from criminal elements.

Detect – Employees often use the same password for multiple services on the web, such as CRM, e-commerce sites, and social media. Proactive monitoring for stolen and compromised employee data on the dark web allows us to detect when a problem arises, before a major breach occurs.

Phish – We can send scheduled phishing campaigns, including customized messages to fit each group or department, at random times during a specified period. With an ever-changing threat, it is important that your employees are exposed to all the latest phishing traps set by criminals.

Train – It is not always disgruntled workers and corporate spies who are a threat. Often, it is the non-malicious, uninformed employee. Our easy-to-understand, short, and visually engaging training videos end with an online quiz to verify the employee’s retention of the training content.

Measure and Track – Your regular Security Threat report will demonstrate the overall cybersecurity posture of your organization, including dark web credential compromises combined with employee phishing and training campaign results.

Why do you need an integrated, ongoing program?

  • Cyber-attacks are on the rise, particularly among small- and mid-sized businesses.
  • You may have the most up-to-date and strongest security systems in place, but this will be a wasted investment if you don’t also train and test your staff.
  • Threats are ever-evolving and become more sophisticated and harder to detect. Regular training on the latest criminal tactics will help mitigate risk.

For more, call us at 678-389-6200 or contact us online.