Email is the primary method of communication in today’s electronic world – and the primary way that cyber-attackers target organisations. Everyone who works within a business is at risk, so it is vital to learn how to distinguish malicious emails from legitimate day to day business communications. Here are some of the more common email threats your business might encounter.
Phishing attacks are emails designed to trick you into revealing sensitive personal information. This is achieved by posing as an individual or organisation that you already have a relationship with, such as PayPal or your bank. Phishing emails normally include suspicious URLs which take you to a fraudulent website that appears to be legitimate.
Protecting yourself from phishing attacks
• Ensure that the email addresses you by your name (not ‘Dear Customer’ or other variation)
• Check for spelling errors and uncommon terminology
• Always hover over the URL to ensure it goes the website you expect
• Never enter personal information or captcha codes into a website unless you are absolutely sure it is legitimate
Spear Phishing Attacks
Spear phishing attacks, also known as CEO Fraud or Business Email Compromise, are different from traditional phishing attacks in the sense that they target specific individuals, usually following a period of reconnaissance.
In many cases these attacks are directed at employees working within finance or accounting roles. The staff member will receive an email from a trusted source, such as a CEO or business executive, requesting a bank transfer often discreetly and with a sense of urgency. Attackers often fake the source address and copy the style and language of a real email, to make it appear genuine.
Protecting your business from spear phishing attacks
• Ensure your staff are aware of these types of scams
• Always confirm financial transactions using a second method (e.g. phone or in person)
• Look at the language used in the email – fraudsters may use unusual or uncommon terminology
• Implement processes that involve cross referencing or a second signoff for large payment transfers
• Ensure passwords are complex to prevent scammers gaining access to your system
The threat from malware is greater than ever. Infections are capable of encrypting all of the files on your network and potentially bring your business completely offline. Malware is most commonly spread via malicious attachments:
ZIP files are very useful for compressing and sending multiple documents. They are also very useful for attackers to bypass anti-malware scans as they can hide the true contents of the files.
Many cyber infections rely on unsuspecting users opening the document contained within the ZIP, thereby running a program that delivers the malware to your computer.
Attackers may attempt to send Word or Excel documents that contain a piece of code called a macro. Macros are small reusable instructions that automate a particular task within an application such as Microsoft Word.
Cyber criminals have exploited this functionality to write malicious macros, which can damage your system and steal your data. These macros can be difficult to detect and look like regular office documents, which makes them easy to distribute.
Protecting your business from malware attacks
• Always exercise caution when opening attachments
• Be suspicious of ZIP file attachments as the true contents are hidden
• Never enable macros in a document unless it is from a trusted source
Our world is today more connected than ever and the importance of cyber security awareness cannot be stressed enough. Protect your organisation’s data, infrastructure and reputation by educating employees and implementing best practices to increase resiliency and minimise risk.
For more information about IT security, contact the TechPath team.