The rise of phishing and spoofing schemes continues in 2019 and it is important to keep your employees informed. These types of attacks are getting more sophisticated and it is important to know what to look for, as outlined below.
To take it a step further, Security Awareness Training provides an additional layer of security by simulating these types of attacks on your employees, and it is just as important as having anti-virus, anti-spam or a firewall. This Managed Security best practice strengthens your last line of defense: your end users.
Phishing is a scam and you are the target. It is an email that appears to come from a business or someone that you know but, in reality, it is malicious by design and seeks to obtain sensitive information (bank account numbers, passwords, financial information, etc.).
What to Look for:
- Read the email address they are sending from; for example, if it looks like it comes from someone within your company, click on the name to verify the actual email address
- Do not open any attachments unless you verify that the email is legitimate
- Make sure that before you do anything regarding financials, your company has a verification process in place
- If anyone asks you to buy something, confirm it with them directly outside of email
- Verify anything that requires action, gives you a log-in page or provides a link within the email
- Be wary of the writing format/language, design, grammar and spelling (not all hackers live in the US)
Spoofing is more common and is basically a forged email. It looks like it came from someone that you know or work with, but it did not. It is used by spammers in conjunction with phishing to obtain sensitive information such as credit cards, banking login details or company data.
What to Look for:
- Read the address that it is coming from
- Look for a standard signature in your organization
- Don’t trust the sender name shown on an email by itself; the email address in the header should match the address that it appears to come from (In Outlook, select view/options to see the header; in Apple’s Mail app, choose view, message, then all headers or press shift+command+H)
- If it is in your spam folder, it most likely belongs there so don’t touch it
- Verify the source before purchasing anything
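The header comparison described above can also be automated for messages that employees forward for review. The following is an added example, not part of the original article: the function name `check_sender` and both sample messages are constructed for illustration, and it generalizes the check to the Reply-To and Return-Path headers as well as the From line.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def check_sender(raw_message):
    """Return reasons the visible sender disagrees with the other headers."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    if not from_addr:
        return ["From header is missing or unparseable"]
    findings = []
    from_dom = domain(from_addr)
    # 1. The display name shows one address while the real address is another.
    for shown in re.findall(r"[\w.+-]+@[\w.-]+\.\w+", display):
        if shown.lower() != from_addr.lower():
            findings.append(f"display name shows {shown}, real address is {from_addr}")
    # 2. Replies would be sent to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain(reply_to) != from_dom:
        findings.append(f"Reply-To domain {domain(reply_to)} differs from {from_dom}")
    # 3. The bounce address (Return-Path) is on a different domain. Bulk-mail
    #    services cause this legitimately, so it is a reason to look closer,
    #    not proof of forgery.
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if return_path and domain(return_path) != from_dom:
        findings.append(f"Return-Path domain {domain(return_path)} differs from {from_dom}")
    return findings

# Constructed sample messages (reserved example domains, not real traffic).
SPOOFED = (
    "Return-Path: <bounce@mailer.example.org>\n"
    'From: "jane.doe@example.com" <billing@example.net>\n'
    "Reply-To: accounts@example.org\n"
    "Subject: Urgent invoice\n\nPlease pay today.\n"
)
LEGIT = (
    "Return-Path: <jane.doe@example.com>\n"
    "From: Jane Doe <jane.doe@example.com>\n"
    "Subject: Lunch\n\nSee you at noon.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, check_sender(raw) or "no mismatches")
```

A clean result only means these headers agree with each other; it does not prove the message is legitimate, so the verification steps in the lists above still apply.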
It is important to forward any suspicious emails to The TNS Group or your Managed Services Provider (MSP) to verify the legitimacy of the email and/or determine if there is any compromise within your environment. In addition, your MSP should be able to provide informative materials on these types of schemes that you can share with employees.
As an organization, we encourage ongoing training of your employees by testing their skills in identifying a type of scheme. In today’s world, when you incorporate Security Awareness Training by randomly phishing or spoofing employees, you are heightening their awareness of what they should look for in their inbox.
Contact The TNS Group today to learn more!