Email Security Tips
Schemes by cyber criminals to swindle companies and individuals are at an all-time high. These criminals are also becoming smarter at getting around and penetrating the security systems you have in place. This is why it is important that each employee be diligent when processing their email so as not to fall for these cons.
Here are some tips to help you process your email and spot fake messages.
The Sending Domain
Always look closely at the sender’s email address, particularly the domain. This is probably the most obvious tell of a fraudulent message. Some bad actors actually buy a legitimate domain that is one character different from a company’s actual domain to fool the recipient. For example, instead of Microsoft.com it could be mlcrosoft.com. I hope you see the very subtle difference.
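The one-character trick described above can also be checked mechanically. The following is an added example, not part of the original article: it compares the domain in a From header against a list of trusted domains and flags near matches. It goes slightly beyond the single-character case by also flagging swapped adjacent letters and a trusted name used as the leading part of another domain. The `TRUSTED` list, the function names and the sample headers are all constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allowlist: domains this mailbox legitimately hears from.
TRUSTED = {"microsoft.com", "dropbox.com", "google.com"}

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap adjacent) turning a into b."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]

def sender_domain(from_header):
    """Domain of the address in a From header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify(from_header, trusted=TRUSTED, max_dist=1):
    """Return (verdict, matched trusted domain or None)."""
    dom = sender_domain(from_header)
    if not dom:
        return ("invalid", None)
    for t in sorted(trusted):
        if dom == t or dom.endswith("." + t):
            return ("trusted", t)
    for t in sorted(trusted):
        # Trusted name used as a leading label of someone else's domain.
        if dom.startswith(t + ".") or edit_distance(dom, t) <= max_dist:
            return ("lookalike", t)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample From headers.
    for h in ["Microsoft Support <help@mlcrosoft.com>", "billing@microsoft.com",
              "alerts@microsoft.com.account-verify.example", "bob@example.org"]:
        print(h, "->", classify(h))
```

A "lookalike" verdict is a reason to stop and verify the sender through another channel; an "unknown" verdict only means the domain is not on the list.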
Do not click on any attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
One of the best ways to protect yourself from malware-infected attachments is using Microsoft’s Defender. This advanced service scans every attachment for malware and removes the attachment if it does contain malware. If you do not have this service, please contact us and we can get this service implemented for you immediately.
Clicking on friendly or enticing hyperlinks in the body of an email can prove to be very harmful for not only your own computer but also your entire company. This is the most common way that diabolical programs such as ransomware infect a company’s computer environment.
In this type of attack, hackers impersonate a real company to obtain your login credentials or personal information. For example, you may receive an e-mail asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers. So be keenly aware and never ever provide personal information or account information if requested in an unsolicited email.
This is a very sophisticated scheme and bad actors intensely study your company to determine the key executives. They then develop a ploy to send phishing messages, which look very real, posing as an executive to another employee. For example, the message may appear to be sent from the CEO to the CFO and the request is to wire funds to an account or vendor. The bad actor includes customized information that makes the attacker seem like a legitimate source. They may use your name, phone number, and refer to your company in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide. The email can look very real.
Never ever initiate a wire transfer, change account information, or send or receive gift cards or any other form of currency without confirming the identity of, and speaking directly with, the person from whom the request is coming.
It should also be obvious: do not ever provide login credentials, credit card information, or bank account details in an email.
Shared Document Phishing:
You may receive an e-mail that appears to come from filesharing sites like Dropbox, OneDrive or Google Drive alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.
You hear the term ransomware in the news all the time, but you may not know what it is. Ransomware is a malware program that infects a computer or a server and then encrypts the hard drive on the computer so that no one can access the data. The only way to decrypt or unlock the data is by obtaining an encryption key. The criminals will provide the key once a ransom has been paid. Typically, the demand is for payment in Bitcoin, the most popular cryptocurrency, which is untraceable.
The most common way computer systems get infected with ransomware is by a single employee downloading the infectious program via email. That is why it is most important for all employees to be aware of the signs of a malicious email.
If you are receiving numerous spam, phishing or just junk emails in your inbox daily through your corporate email system, then please give BlueEdge Consulting a call. We can evaluate your current systems and recommend ways to provide a safer and more productive email system for you and your employees. You do not want your company to be in the news and have to tell your customers that your systems have been compromised.