Over the past few months, we’ve seen many email scams affect our clients and community. Please be extra cautious when opening emails from people you know, both in and outside your organization. Without proper end-user security awareness, your organization can be at risk of an attack.
I wanted to share some common phishing attacks we have seen:
- Hackers have been sending spoofed emails from addresses you may recognize, asking you to view a PDF attachment. They ask you to click and log in with your email credentials to open the PDF. After you enter your credentials, no PDF appears, but the hacker now has your credentials and will use them to send more phishing emails to your contacts to harvest theirs as well.
- Hackers send an email claiming to be from someone within your organization, but from an email domain that is slightly different from your own. They will converse with you while pretending to be that person and encourage you to send a payment or give details that allow them to steal from you.
- Hackers have also sent emails from someone in your contact list asking you to download attachments or click on a link. ALWAYS hover over the link to see where it actually points, and ALWAYS call the person if the email seems suspicious. Email monitoring software can't tell that an email is a scam or phishing email when the hacker is logged in with the person's actual credentials.
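The two red flags above (a sender domain that is almost, but not quite, your own, and a link whose visible text points somewhere other than its real target) can be checked automatically before a message ever reaches a person. The script below is an added example, not Tech Networks' code or any product they offer. It assumes `example.com` as the organization's domain (a placeholder), a small table of look-alike character substitutions, an edit-distance threshold of 2, and a constructed sample message; all of these are illustrative choices.

```python
"""Lookalike-sender and link-mismatch checks for inbound mail (added example).

Flags two phishing red flags: a From: domain that closely resembles our own,
and an HTML link whose visible text names a different host than its href.
The sample message at the bottom is constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

OUR_DOMAIN = "example.com"  # assumption: placeholder for the organization's domain

# Assumed look-alike substitutions (fake -> real) commonly seen in typo-squats.
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance via dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(domain: str) -> str:
    """Lower-case and fold look-alike characters to their real counterparts."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def sender_domain_verdict(from_header: str) -> str:
    """Return 'internal', 'lookalike' or 'external' for a From: header value."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == OUR_DOMAIN or domain.endswith("." + OUR_DOMAIN):
        return "internal"
    # Near-miss on spelling or on look-alike characters is the slightly-different-domain trick.
    if normalize(domain) == normalize(OUR_DOMAIN) or levenshtein(domain, OUR_DOMAIN) <= 2:
        return "lookalike"
    return "external"


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from anchor tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def mismatched_links(html: str) -> list:
    """Return (visible text, real host) for links whose shown domain differs from the target.

    This is the programmatic version of 'hover over the link to see its origin'.
    """
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real_host = urlparse(href).hostname or ""
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and shown.group(0) != real_host:
            findings.append((text, real_host))
    return findings


def scan_message(raw: str) -> dict:
    """Run both checks on a raw RFC 822 message string."""
    msg = message_from_string(raw)
    body = ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
            break
    return {"sender": sender_domain_verdict(msg["From"] or ""), "mismatched_links": mismatched_links(body)}


# Constructed sample: digit '1' for 'l' in the sender domain, and a link whose
# visible text names our docs host while the href goes elsewhere.
SAMPLE_RAW = """\
From: "Pat Finance" <pat@examp1e.com>
To: you@example.com
Subject: Invoice for approval
Content-Type: text/html

<html><body><p>Please review the invoice at
<a href="https://example-docs.invoice-portal.net/view">https://docs.example.com/invoice</a></p>
</body></html>
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE_RAW))
```

A mail gateway or helpdesk triage script can run `scan_message` on each inbound message and route anything marked `lookalike` or with non-empty `mismatched_links` to a quarantine or a human reviewer; the edit-distance threshold and the homoglyph table are the knobs to tune against your own domain and false-positive rate.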
Please follow email security practices and do not open attachments or click on links that seem to be sent out of the blue. DO NOT reply to the person asking if it is genuine. The hacker may still be logged into that email account and will send you whatever response gets you to open the attachment. It's best to always call the person if you are questioning the email's credibility.
The best prevention actions are:
1. Train employees with an effective training program that routinely uses an integrated anti-phishing tool, keeps security top of mind, and helps them recognize what a phishing email might look like.
2. Back up just in case and regularly test those backups to make sure they work.
You can view this PDF that outlines social engineering "red flags" that you can share with your staff.
As a reminder, Tech Networks offers in-person cyber security training, annual security awareness training, IT security assessments, and a free phishing test for you to make sure your staff knows what to look for.
If you would like to learn more about our IT security services, please don't hesitate to contact us.
Remember, think before you click.