Phishing & Your Business

 

Security issues like phishing have been around as long as email. Despite this, most businesses, both large and small, do not take the steps necessary to protect themselves from attacks. Phishing emails are by far the most prevalent form of ransomware attack.

As scammers get more sophisticated, phishing emails are becoming more official-looking and harder to spot. Recently, some of the bigger phishing frauds have been impersonations of giant companies such as Office 365, MailChimp, FedEx and UPS. In all of these attempts, the alleged sender of the email is well known to the recipient. This sense of comfort with the purported sender leads the recipient to drop their guard and click on links or open attachments, resulting in an infected PC and/or company network.

CoreFirst Bank & Trust is dedicated to providing your business with the tools it needs to stay safe from this and other fraudulent activity. Take a minute to review how you can stay on top of phishing attempts.

 

What Do These Terms Mean

  • Spam – Email messages that arrive in bulk.
  • Phishing – Manipulates the end user into divulging personal/business information, or entices them to click on malicious links or attachments, by use of a phony email or website.
  • Spear Phishing – A targeted attack focused on an organization or business, where emails are sent under the guise of a known, trusted sender in order to obtain information to commit fraud.

 

How Do You Identify an Email Attack

Phishing emails are getting harder and harder to spot. Cybercriminals have heightened their game so they aren’t as detectable. Make sure to carefully scrutinize any email that has the following calls to action:

  1. Any type of “reply” (this includes unsubscribe messages)
  2. Hyperlinks to click (this includes unsubscribe messages)
  3. Attachments to open
  4. The request to forward the email
  5. Encouragement to ‘act now’ or something negative will happen

Often the cybercriminal words the messages so that you complete the above actions. Be extremely cautious of messages that appear crucial and allude to a negative consequence if action isn’t taken. You also need to watch for emails that claim a problem will be resolved by clicking a link or completing another action.

Be Cautious Of Everything in an Email

Phishing attack emails seem innocent in nature, but by educating yourself and your staff you can reduce the chances of a phishing attack on your business. Make sure to hold email training sessions with your team so they know what to look for. In most cases of fraud and network takeovers, the viruses were implanted because an employee clicked on something they shouldn’t have in an email.

Here are just a few of the ways criminals can get your staff to unwittingly engage with their cyber threat.

  • From Address Line – The address can be forged and may look right but is not legitimate.
  • Web Links – A link can say anything in the email message, but actually be something very different. Get in the habit of hovering your mouse over the link to verify where the link is actually taking you. If you still aren’t sure, don’t click it!
  • Files – Word, Excel, PDF and other files can contain hidden malware. If you are not expecting a file from the sender, do not open it.
  • Be Vigilant – If you don’t know the sender or aren’t expecting an email, never click on links or open attachments.

 

 

Email DOs & DON'Ts

    • Check the From line for validity; it could be altered
    • Watch for files with double extensions, such as phishing.txt.exe
    • Suspicious activity in your inbox should be reported immediately to your IT Department
    • Check and double check URLs. www.micrsoft.com and www.support-microsoft.com are not the same
    • Never open an email attachment that ends with .exe, .scr, .bat, .com, .zip or any other extension you don't recognize
    • Avoid clicking links in email messages without hovering over them first to verify the URL
    • Try not to unsubscribe - deleting the email is easier than dealing with security issues
    • Responding to spam is never a good idea - just delete it
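
The link and attachment checks from the lists above can also be automated in a mail filter. The script below is an added example, not part of the original article: the names `red_flags`, `Links`, `host` and `sample` are hypothetical, and the sample message is constructed from the domain and file name the article itself mentions.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = {"exe", "scr", "bat", "com", "zip"}  # extensions named in the checklist

class Links(HTMLParser):
    """Collect (visible text, href) for every <a href=...> tag."""
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.text.strip(), self.href))
            self.href = None

def host(url):
    """Lower-cased hostname of a URL or bare domain, minus a leading 'www.'."""
    h = (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def red_flags(msg):
    """Return (kind, detail) flags; link text is checked only if written as a URL."""
    flags = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            exts = name.lower().split(".")[1:]
            if exts and exts[-1] in RISKY_EXT:
                flags.append(("double-extension" if len(exts) > 1 else "risky-type", name))
        elif part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_content())
            for text, href in parser.found:
                if "." in text and " " not in text and host(text) != host(href):
                    flags.append(("link-mismatch", f"{host(text)} -> {host(href)}"))
    return flags

def sample():  # constructed message (not real mail) that trips both checks
    m = EmailMessage()
    m.set_content('<a href="http://support-microsoft.com/">www.microsoft.com</a>', subtype="html")
    m.add_attachment(b"\0", "application", "octet-stream", filename="phishing.txt.exe")
    return m
```

Calling `red_flags(sample())` reports the mismatched link and the disguised attachment; a link whose visible text is ordinary wording such as "Sign in" is not compared, so hovering over it is still required.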

Email Red Flags

There are a lot of red flags that can signal that an email is not legit. We have created an email red flag infographic to help you and your team spot fictitious emails.