Phishing emails look surprisingly legitimate when you don’t know what you’re looking for. 74% of targeted cyber attacks come from email. In a recent FBI report, ransomware and phishing scams are increasing rapidly with over 246 million dollars compromised in 2015.
Email used to be a much safer exchange. Spam firewalls kept the bad stuff out and Sandboxing stopped zero-day threats, but gateways are blind to social engineering. Attacks are now coming in through the “back door” and able to get around security gateways.
Think of cyber criminals like super spies who watch you online. They know who you are, where you work, your online habits, and who you know. This information allows them to send you emails from a “trusted” source whether it be from a financial institution or a co-worker.
Phishing emails are designed to obtain information by having you click on a link to update financial information. Check out the example below outlining what you should be looking for.
It’s important to thoroughly check your email to make sure it says the correct information and websites. Often times, the website link will be misspelled (ie: faceboook.com, citybank.com). It’s best to hover over the link to see what it says. If you do happen to click on it, make sure it’s the correct website in the browser. If not, close the browser immediately.
In spear phishing, cyber criminals do more digging and spend time researching their highly targeted victim. The criminal stalks your personal social media profiles and websites you access before baiting you with an email that looks legitimate. The more time they spend observing your actions, the more they can send you a convincing scam you’ll fall for.
Clara was tagged in her boss, George’s photo on Facebook. The criminal then finds Clara on LinkedIn and finds out information about her job and company.
Using the information the criminal found out on social media, he sends an email to Clara from “George” mentioning the party they were both at the previous night. The criminal follows that up with a request for a money transfer.
Poor employee behavior is a greater email security concern than inadequate tools. This is why it’s imperative to educate and test your employees about proper protocol on company network, email, and devices.
Interested in training your employees and learning how to protect your company? Ask about our managed IT services, which includes cyber-security, employee training/testing as well as back-up and recovery options.
Sign up for our cyber security newsletter to receive more tips to keep you safe.
Graphics & info provided by Barracuda.