Don’t Get Phished!

Email Phishing

Tired of all the spam you’re getting in your inbox? You are not alone. According to the 2018 Internet Security Threat Report (ISTR), 54.6% of all email is spam and the average user gets 16 malicious spam emails per month. That’s scary!  If your company has 50 employees, that translates to 800 times a month and nearly 10,000 times a year that your company may become a victim of a cybersecurity incident if your employee doesn’t make the right call.

To make matters worse, hackers are getting more sophisticated. Forget the emails full of grammatical errors – while you can still find these, many are perfectly mirroring an email you’d typically get from your bank or an HR department. According to the 2018 State of the Phish survey, 76% of organizations experienced phishing attacks like this in 2017.

So what should you and your employees watch out for? Here are a few common tricks the cyber adversaries use, and our recommendations on the best actions to take.

The threat: Email from an employee or senior management requesting you to send money or take action for the company.
What should you do? Confirm or validate directly with the requestor (by phone or in person) that they are truly requesting you to take action for the business.

The threat: “Mailbox is 97% full” or “Alert! You have 3 undelivered pending messages”
What should you do? Do not click on any links. These email warnings are not valid.

The threat: Court cases / Legal notifications – “Hearing of your case in Court No#7385”
What should you do? Delete the message. No legitimate court would email such notifications or demands to appear.

The threat: “Install a Microsoft update for Windows, Explorer, Outlook, etc.”
What should you do? Be wary of these prompts. Any valid and necessary updates are usually performed on the company servers, not on individual computers.

The threat: Email from a bank or credit card company asking you to validate your account information.
What should you do? This is clearly an identity theft scam. Delete the email immediately. If you are on the fence, call your bank or credit card company to verify the email.

The threat: A website of unknown or suspicious origin asks you to provide your business email address on a form.
What should you do? Don’t enter your personal info on questionable sites. Many compromising threats are generated from these sites.

The threat: Email stating that you have a very rich, long lost relative that has died in a horrible accident while living in Nigeria.
What should you do? Delete the message immediately. This is another scam that is attempting to get your bank account information.

The threat: An official-looking message claiming to be a customer complaint. It looks like it’s been sent by the Better Business Bureau or a credit agency.
What should you do? Delete the email permanently. This type of message usually contains either an Internet link, or an attached PDF document that contains a link to a website. It’s intended to lure you to a website which will in turn download a virus to your computer. Note that these agencies typically send out notifications in letter form and NOT emails.

The general rule of thumb for email activity is that if you are not certain of an email’s origin, delete it to be on the safe side.  You should also be wary of any attachments that you are not expecting.  Lastly, do NOT click on any Internet links if you are not certain of the destination.  By following these simple guidelines, you can avoid many problems and risks to your business.

Also, do not make the mistake of thinking that human error is your only cyber threat and that cybersecurity awareness training is enough.  While human error does cause 25% to 90% of all cyber-attacks (depending on which study you look at) and staff training is immensely helpful, there will always be someone at every organization who will get tricked by a phishing attempt.

Is your company ready? Get your security basics covered with our Managed Services offerings. Request a free consultation today.

 

About the Author

Lucie Hys is a Senior Product Marketing Manager at TPx. She is currently leading the marketing efforts for the company’s MSx suite of managed services. She has been working in marketing for more than 9 years, with the last four focusing on the cybersecurity industry. Lucie graduated with an MBA from Florida Gulf Coast University. In her spare time, she is an avid fitness enthusiast and a passionate traveler.