In this video, we’ll introduce you to a few ways in which scammers are using email to quickly and easily collect your personal information for financial gain.
We’ll also provide a few tips to easily protect you and the company from becoming their next victim. Each threat reviewed in this training module has in fact occurred within the organization over the past few months, so be sure to take note, as it could happen to you!
Spam:
At some point in your professional career, you’ve probably heard the term spam, but what is it and why is it classified as a threat? According to the dictionary, spam is defined as unsolicited messages, such as an email, sent to a large number of recipients.
Although some spam emails may be used to market legitimate products, clicking on them can often open up Pandora’s box of risks, each focused on stealing your personal information.
Unfortunately, no one can completely stop all spam, but there are tools available to help slow it down. Here at Service Sanitation, we utilize Barracuda as our spam filter. This software program quietly works behind the scenes, scanning every inbound and outbound email for suspicious threats. When a spam threat is identified, it’s put into a quarantine.
To access your quarantine, a summary email is sent out in the morning and evening each day, giving you the opportunity to ensure the right emails were kept out of your inbox. If something was misclassified, you can simply allow it through. As a new employee within the organization, it may take some time for you to receive a Spam Filter notification, but as time goes on, you’ll start to receive them more frequently. Be aware, though, that Barracuda does not catch all spam, so you still need to be cautious when opening an email from an unknown sender.
Whenever possible, always avoid opening spam emails. Sure, the subject lines may be witty, applicable, or downright enticing, but scammers always have read receipts on the emails they send. This means that once you open the email, they know they tricked you into opening it. Now they can come after you using other tricky tactics.
Phishing:
Once a hacker has identified an email to be valid, they’ll look to gain personal information such as passwords, bank accounts, company records, or other things that can be used to exploit you and us for financial gain. This is often referred to as phishing.
Phishing is when a hacker creates a deceptive email as bait, posing as a legitimate company, service or individual. They’ll then strategically cast this bait to a wide audience, requesting that you urgently do something. This urgency can create a sense of anxiety, often causing you not to question things that you might otherwise question.
If you fall prey to their trap, they can quickly gain access to important information they could use to steal your identity, gain access to your accounts, or continue other forms of targeted attacks.
Spear Phishing:
Spear phishing is a more directed approach to phishing, used to sneak past spam filters and everyday email users alike. In fact, according to Trend Micro, more than 91% of cyber-attacks begin with this tactic. Unlike regular phishing, where hackers go after many victims for a small reward, those who spear phish will go after a smaller number of high-value victims.
To do this, hackers will do their homework before attempting an attack. They’ll collect information tied to your company, or to you personally, from research they’ve collected from spam emails or even social media. These spoofed emails will look like they came from a manager, colleague or vendor, using authentic logos and email signatures. They’ll often sneak past spam filters and into your inbox, where they can quickly trick you into giving away confidential personal or business information.
How to Protect Yourself:
So how do you go about protecting yourself from these malicious attacks? Here are four things you should be on the lookout for before taking any action on an email.
- Check the Sender Info: One of the easiest ways to spot a phishing email is to check the sender’s name and email address. To do this, you’ll need to look at the header of the email. It should always have the person’s name and valid email address listed. Sometimes hackers will try to hide the email address by masking it. For example, at first glance this email looks like it came from our business colleague Brent, but when you click into the domain name, it has nothing to do with Brent at all. Delete immediately!
- Check for Grammatical Errors: It’s important to note that hackers will often reside in other countries where English may not be their primary language. Therefore, if you come across an email with any amount of grammatical or spelling errors, you NEED to question it.
- Question Links: Before clicking any links in an email, always hover over them to verify that the URL listed will take you to the website they claim. For example, if you receive an email from UPS and you hover over the link, you’ll notice a bogus URL here. By clicking this link, there’s a good chance you’re headed down a dark path. Do NOT click it.
- Question Attachments: It's critical that you NEVER open an email attachment if you can’t confirm who the email is from. Excel files, PDFs, even image files may contain something malicious that can immediately infect your computer upon opening. Always proceed with extreme caution! This could wreak havoc on your computer, your phone, and potentially the entire organization.
Let’s review: it’s important that you always review the sender information to make sure the email is from who they say they are, take notice of basic grammatical errors, question links before clicking, and never download an attachment from an unknown person.
If something seems suspicious, contact your IT manager or the “supposed” email sender to ask if they sent the email. If they did not, delete the email immediately and let them know they should change their email password and security questions because they may have been breached. Additionally, always contact IT if you believe you accidentally clicked a malicious link or downloaded a suspicious email attachment so the threat can be reviewed and neutralized. By following these basic tips, you should be covered when the next attack comes your way.