No matter how great your security system, users can still let the bad guy in if they don’t know what to look for.
As security gets more and more sophisticated, users themselves become the easiest target. I’ve seen it all, from an email with a fake resume that ended up destroying all the files on an ENTIRE network to a popup message saying that your computer is infected and that you should talk to Microsoft Support by calling 888-UR-HACKD. When the user dialed, an Indian voice asked them to click on a remote site (consequently giving criminals a way into the system!).
You are probably chuckling to yourself thinking “No one in my office would fall for such tricks!” But the raw truth is IT HAPPENS ALL THE TIME!
Especially with increased phishing as of late, I want to make sure your network is secure and your team understands the warning signs of an email attack.
Here are a couple of videos that really hit home what you and your team should be looking for when it comes to your business cybersecurity.
First, understand what you have to do to stay safe online.
Second, Identify Phishing Scams: they come in all shapes and sizes!
Last, how to avoid the scam!
The best cure for phishing is to know the signs. Below are some telltale signs of a phishing attack:
Train your users on these email red flags:
From:
- I don’t recognize the sender’s email address as one from the people I regularly communicate with.
- This email is sent by someone outside of my contacts and/or organization and does not pertain to my work.
- This email was sent by someone within my contacts and/or organization (i.e., a team member, customer, vendor, or partner), but is very unusual or out of character.
- The sender’s email address contains a suspicious domain (example: microsoft-support.com).
- I don’t recognize the sender.
- The email is unusual or unexpected, containing an embedded hyperlink or attachment from someone I don’t regularly communicate with.
To:
- I was cc’d on an email sent to a group of people I don’t know.
- I received an email sent to an unusual mix of people, for instance, where everyone’s last name starts with the same letter.
Date:
- I received an email that normally comes during business hours at an unusual hour (like 2 a.m.).
Subject:
- Subject line is irrelevant or does not fit the message’s content.
- Message is a reply to an email I’ve never sent or seen.
Content:
- The sender is asking me to open an attachment to prevent something bad from happening or to get something valuable from me.
- The email is strange: poor grammar and spelling mistakes throughout.
- The email asks me to click on something that seems suspicious.
- I have a gut feeling that the sender’s request is fishy.
- The email asks me to look at compromising or embarrassing information about me or someone I know.
Attachments:
- Sender included an attachment I was not expecting.
- The attachment does not make sense in context of the message.
- The sender doesn’t normally send me attachments.
- The attachment has a suspicious file extension; the only file type always safe to click on is a .txt file.
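Several of the red flags above can be read straight from a message's headers, so a mail administrator can script them as a first-pass filter. The following is an added example, not part of the original article; the known-domain list, watched brand names and business-hours window are assumptions, and the sample message is constructed.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr, parsedate_to_datetime

# Assumptions made for this example, not taken from the page:
KNOWN_DOMAINS = {"example.com", "microsoft.com"}  # senders we expect mail from
WATCHED_BRANDS = ("microsoft",)                   # names that lookalikes borrow
BUSINESS_HOURS = range(7, 19)                     # 07:00-18:59, sender's clock

def red_flags(raw: str) -> list[str]:
    """Return the red flags from the list above that the message itself shows."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    # From: unknown sender domain, or a known brand inside an unknown domain.
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain not in KNOWN_DOMAINS:
        kind = "lookalike" if any(b in domain for b in WATCHED_BRANDS) else "unrecognized"
        flags.append(f"from: {kind} domain {domain}")
    # Date: sent outside the hours this kind of mail normally arrives.
    if msg["Date"]:
        sent = parsedate_to_datetime(str(msg["Date"]))
        if sent.hour not in BUSINESS_HOURS:
            flags.append(f"date: sent at {sent:%H:%M}")
    # Subject: looks like a reply but has no In-Reply-To/References header.
    subject = str(msg.get("Subject", "")).lower()
    if subject.startswith("re:") and not (msg["In-Reply-To"] or msg["References"]):
        flags.append("subject: reply without thread headers")
    # Attachments: only the final extension counts, so invoice.txt.exe is not .txt.
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if os.path.splitext(name)[1].lower() != ".txt":
            flags.append(f"attachment: {name}")
    return flags

def sample() -> str:
    """Constructed message for illustration; no real sender or payload."""
    m = EmailMessage()
    m["From"] = "Microsoft Support <help@microsoft-support.com>"
    m["To"] = "staff@example.com"
    m["Date"] = "Tue, 08 Mar 2016 02:14:00 -0500"
    m["Subject"] = "Re: Your invoice"
    m.set_content("Open the attached file to keep your account active.")
    m.add_attachment(b"\x00", maintype="application", subtype="octet-stream",
                     filename="invoice.txt.exe")
    return m.as_string()

if __name__ == "__main__":
    for flag in red_flags(sample()):
        print(flag)
```

The content-based flags (odd tone, a request that feels fishy) still need a person to judge, which is why the script only supplements user training.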
A critical step in protecting your data is constantly educating your team about new hacking tricks. Sharing this type of training with team members can make a world of difference when it comes to reducing network vulnerabilities.
But having a staff that is up-to-date with the latest hacking schemes is only a piece of the puzzle when it comes to having necessary business network protection! Contact Cheryl Gholson on our team today to set up a security network assessment.
Editor’s Note: This page was originally posted March 9, 2016 and has since been updated with the latest information about phishing attacks.