Spotting a bad email is a daunting task, especially for an employee with more pressing matters. Questionable emails are cluttered with wording in small type and display fancy designs. They bait you into believing you’re in trouble or have hit the jackpot. For example:
- Your mortgage payment is past due. Please click on the link below to make a payment and avoid late fees.
- Fill out this questionnaire and receive an Amazon gift card.
- Your Netflix subscription will be terminated immediately if you don’t make payment.
- Enjoy a free donut with the purchase of a coffee at Dunkin Donuts.
Social engineering is hackers’ most valuable weapon. Choosing emotion instead of logic to make decisions rarely results in positive endings. It’s challenging to overcome, and costly when exploited.
Emails are delivered in bulk, and dangerous ones hide in plain sight. It’s an advantage more unfair than a blackjack dealer’s in a Las Vegas casino. The emails come in many forms. Microsoft Office 365 might need attention, but by the time you click on the link, you notice the message was sent from @microsft.com. The damage has been done. Your computer is blinking and making disturbing sounds. You can’t disconnect from your company’s network soon enough. But it’s too late, and it’s time to face the consequences.
How can users avoid this scenario?
- Check the sender’s email address. Criminals often will create an email address that appears to be from a popular business but has a slight alteration.
For example: @amazn.com, @gmal.com or @facbook.com.
- Slow down. Hackers will fool users into submitting personal or company information by insisting an urgent response is necessary.
- Don’t get faked out. Hackers will ask a user to confirm an account. It could be social media, banking or credit card. A hyperlink that could lead to an attack would normally be embedded in the text. A user can learn the legitimacy of the link by hovering over it with a mouse. If the address that appears doesn’t match the verbiage of the link, don’t click on it.
- Get personal. Many phishing emails are sent in abundance and are not specifically sent to the user receiving the message. If you are addressed as “user,” “customer” or “account holder,” it’s likely a phish.
- Keep it clean. Be alert for misspellings and poor grammar in the body of the email.
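The first and third checks in the list can also be automated at the mail gateway. The sketch below is an added example, not code from Apogee or KnowBe4: it flags sender domains within two edits of a trusted domain and links whose visible text names a different host than the one they point to. The `TRUSTED` list, the function names and the sample message are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains this organization really expects mail from.
TRUSTED = {"amazon.com", "gmail.com", "facebook.com", "microsoft.com"}
# Constructed sample modeled on the article's Office 365 scenario.
SAMPLE_FROM = "Office 365 <support@microsft.com>"
SAMPLE_HTML = '<a href="http://portal.example.net/verify">www.microsoft.com/account</a>'

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike_of(from_header):
    """Return the trusted domain the sender's domain imitates, or None."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    near = [t for t in sorted(TRUSTED) if domain not in TRUSTED and edit_distance(domain, t) <= 2]
    return near[0] if near else None

class LinkCollector(HTMLParser):
    """Collect [href, visible text] pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_link = False

def host(url):  # hostname of a URL or of bare text like "www.example.com/x"
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower().removeprefix("www.")

def mismatched_links(html):
    """Return (shown host, real host) for links whose text names another host."""
    parser = LinkCollector()
    parser.feed(html)
    pairs = [(host(t.strip()), host(h)) for h, t in parser.links if "." in t and " " not in t.strip()]
    return [(s, r) for s, r in pairs if s and s != r and not r.endswith("." + s)]
```

Link text without a host name in it, such as “Click here,” is skipped by this check, so the hover test above still applies to those links.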
Apogee IT Services partners with KnowBe4, a leading security awareness organization that provides phish testing and training for businesses. Let us assist you in reducing the odds an employee will fall victim to a scam.
Don’t get hooked, when you could have been helped.
To discuss security strategy, email Security Analyst Frank Verdecchia at firstname.lastname@example.org or fill out the form below!
Apogee IT Services is a Managed Service Provider with offices in Pittsburgh, PA, Boston, MA, and Toronto, ON. Apogee provides Managed IT Services to more than 300 businesses across the Northeast with a focus on legal, manufacturing, financial services, non-profit, and many other industries. Technology services include hosted cloud services, proactive IT management, multi-layer security including data backup and disaster recovery, 24/7 monitoring and alerting, Help Desk and end-user support, network planning and design, and IT roadmapping, among others.