We Are Being Overfished
We are on the other side of the fishing rod now. Email phishing is a technique that attempts to gather sensitive data through a fraudulent solicitation sent by email. We wanted to talk about phishing because it has been the most prevalent type of cyber-attack since March of 2020¹. Here are a few reasons these attacks happen so often. Attackers can send hundreds of thousands of emails daily with little to no effort. They look at email as a lake stocked full of fish ready to be caught. Another reason these attacks succeed is the human element: the easiest way into a business is through an actual person. Then we have the largest reason, the lack of education and understanding. Almost half of the people surveyed think an email is safe when it looks like it was sent from within the company or from a vendor they use². A business can’t expect its employees to know what is safe; it must implement education and training, which will lower its chance of being hit by an attack. Email security is more than installing software; it also depends heavily on employees knowing what to look out for.
Close to Home
We had a phishing attempt recently. The attacker changed the name of who it was coming from to pass as authentic. The email was quickly disposed of before any harm could be done, but I will tell you a few things to watch out for that came across from this email. As I mentioned earlier, they used an actual name to come across as more genuine, but they didn’t change their email address to one from the business, so that was the first red flag. Then there was the message itself: they stated that they were busy in the conference room and could only respond to email, and told the recipient not to call them and to email right away. If somebody is specifically telling you how to get into contact with them and telling you to do it right away, it is likely a scam. Attackers don’t want to give you a chance to think; they want you to act quickly so they get what they want. The last thing that stood out was the message itself. Anytime somebody from your organization is asking you to purchase something or send them something via email, it is most likely a scam unless you are expecting to send them something. We knew what to look out for and had the right tools in place. Regardless of the business, it is imperative that adequate email security is in place and all employees know what to look out for.
What can you do?
The first thing is to understand that there is a threat. Don’t be the person who says, “I haven’t been hit yet.” Too many people think this way, and that’s why these numbers are so high. You wouldn’t drive without car insurance. Your business is your life, and it is just as important to protect.
Then you must get an email security plan in place. A business plans and forecasts for everything, so don’t fall short when it comes to email security. Get in touch with an email security expert and they can guide you through the process. With 84% of organizations facing at least one successful phishing attack², email security must be your number one priority. These threats aren’t going to stop and will only grow in number, so it’s best to be proactive and take care of it before it becomes a problem.
If you need assistance or have questions, please reach out to us at (440) 462-7720 or our website at CMIT Solutions. We will leave you with a few things to look out for to add some email security hygiene to your work/personal life. It is very important to build these security-minded habits to protect yourself and your business.
- Click on the name of who the message came from to see the email address.
- Read the message; if it sounds off or weird to you, follow up with that person directly.
- Look out for somebody specifically asking you to respond via email/respond quickly.
- Don’t click on links/attachments unless you are 100% certain it is legitimate.
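The same checks can be automated as a first-pass filter. The sketch below is an added example, not a CMIT Solutions tool: it flags a message whose display name matches a staff member while the address is outside the company domain, and scans the body for the pressure, contact-restriction and purchase-request wording described above. The domain `example.com`, the staff names, the phrase lists and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for this example: the organisation's domain and staff directory.
ORG_DOMAIN = "example.com"
STAFF_NAMES = {"dana whitfield", "lee ortega"}

# Phrase lists modelled on the red flags in the article (illustrative, not exhaustive).
PRESSURE = re.compile(r"right away|immediately|urgent|asap", re.I)
CHANNEL_LOCK = re.compile(
    r"(don['’]?t|do not) call|only (respond|reply) (to|by|via) e-?mail", re.I)
REQUEST = re.compile(r"\b(purchase|buy|send me)\b", re.I)

def red_flags(raw: str) -> list[str]:
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""

    flags = []
    # A colleague's name on an address outside the company domain.
    if " ".join(name.lower().split()) in STAFF_NAMES and domain != ORG_DOMAIN:
        flags.append("display-name-impersonation")
    if PRESSURE.search(body):
        flags.append("pressure-to-act-fast")
    if CHANNEL_LOCK.search(body):
        flags.append("restricts-contact-channel")
    if REQUEST.search(body):
        flags.append("purchase-or-send-request")
    return flags

# Constructed sample resembling the attempt described in "Close to Home".
SAMPLE = """\
From: Dana Whitfield <dana.w.office@mailbox.example.net>
To: sam@example.com
Subject: Quick favor

I'm busy in the conference room, don't call me. I can only respond to email.
I need you to purchase something for me, reply right away.
"""

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A filter like this only narrows down what a person should look at; the follow-up with the real sender through a known channel still decides.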
Sources:
1-https://expertinsights.com/insights/50-phishing-stats-you-should-know/
2-https://www.proofpoint.com/us/resources/threat-reports/state-of-phish