Email remains one of the biggest cyber attack vectors.

With phishing and malware-infused emails still penetrating even the most carefully constructed network defenses, user awareness becomes an even more important corporate priority.

A recent Mimecast study found one malicious link out of 50 inspected emails was able to get through security and into an employee’s inbox.

Another study, conducted by FireEye, found that one of every one hundred emails is an outright hacking attempt.

Needless to say, email continues to be a huge security concern, and the recent Emotet epidemic is testament to that. The InCare professional services team has been busy over the past several weeks containing several local Emotet outbreaks.

Cybercriminals are working at the bleeding edge of technology, exploiting such things as Windows PowerShell (à la Emotet), spoofing or hijacking email accounts to send malicious emails colleague-to-colleague, and employing heavy social engineering to make dangerous attachments and hyperlinks seem irresistible… or even mandatory. And these modern attacks are duping anti-virus and security measures and ending up in inboxes, ready to be opened and clicked.

Business owners and IT departments must educate employees on email attacks and the common signs to look for.


Common warning signs of phishing and malicious emails

Below is a sample malicious email.

[Image: sample phishing and malicious email]

Many of the hallmarks of phishing and malicious emails are present, including:

  • Bogus sender
    One of the first places to check is the sender’s email address. The email claims to come from the company, but there is no such address for the IT team, and the “hcedu028” part is garbage.
  • Generic salutation
    A generic greeting may be a sign of a mass-produced email.
  • Poor grammar
    If you spot grammatical errors or awkward phrasing, be on the defensive. Here, the subject line clumsily proclaims: Your Password will expires today!
  • Bogus hyperlinks
    Be wary of hyperlinks in emails. The URL in the body of the above email purports to be from the company website, but there is no such page.

Other things to watch out for:

  • Attachments
    Be skeptical of attachments by default. If you have any doubt whatsoever about an attachment, don’t open it and contact your IT department or the InCare help desk at 205-277-CARE. The recent Emotet attacks were carried out by macro-enabled Office documents that unleashed PowerShell commands that subsequently infected whole networks in a matter of milliseconds. One click could cost your company thousands. Don’t risk it!
  • Urgent messages
    Cybercriminals want to induce panic so the victim will be under duress and may perform rash actions. When you’re faced with an alarming message, take a breath and try to process things clearly. If you have any doubt, contact the sender directly via phone, a new email, or their website to verify the message.
  • Requests for personal data
    Any form of request for personal data is a huge red flag. Again, if you want to verify the message, contact the sender directly and not through a supplied hyperlink.
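
The following Python example is an addition to this article, not InCare's own tooling. It checks a raw message for the three signs above that can be read from the message structure itself (bogus sender, bogus hyperlinks, macro-enabled attachments); salutation, grammar and urgency still need a human reader. The organization name `Example Corp`, its domain `example.com`, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_NAME, ORG_DOMAINS = "Example Corp", {"example.com"}  # assumed organization

class Anchors(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.a_href, self.a_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.a_href, self.a_text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.a_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.a_href is not None:
            self.found.append((self.a_href, self.a_text.strip()))
            self.a_href = None

def host(url):  # hostname of a URL, with or without a scheme
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def triage(raw):  # returns the structural warning signs found in one raw message
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    part = msg.get_body(("html", "plain"))
    links = Anchors()
    links.feed(part.get_content() if part else "")
    files = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    checks = {  # sender: display name claims the org but the address is external
        "bogus sender": ORG_NAME.lower() in name.lower()
        and addr.rpartition("@")[2].lower() not in ORG_DOMAINS,
        "bogus hyperlink": any("." in t and " " not in t and host(t) != host(h)
                               for h, t in links.found),  # text host != href host
        "macro-enabled attachment": any(f.endswith((".docm", ".xlsm", ".pptm")) for f in files),
    }
    return [sign for sign, hit in checks.items() if hit]

# Constructed sample modelled on the email described above (placeholder domains).
SAMPLE = """\
From: Example Corp IT <hcedu028@mailer.example.net>
Subject: Your Password will expires today!
Content-Type: text/html

<p>Dear user, confirm your password:
<a href="http://login.example.org/reset">www.example.com/reset</a></p>
"""
```

Calling `triage(SAMPLE)` reports the bogus sender and the bogus hyperlink. A link whose visible text is a phrase such as "Click here" is not flagged by this check, so hovering over links before clicking remains necessary.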


Need assistance with your IT security? Get a free consultation.

InCare Technologies, an industry-recognized managed service provider (MSP), is an expert when it comes to cybersecurity. We can assist with best practices for your email and network security, and we can help educate your team on the nuances of common modern cyber attacks.

Many of our products and services are fully managed by us, so there’s no need for you to reduce your focus on your core business.

For the ultimate in IT peace of mind, we offer InCare 360. This umbrella service covers not just your security, but ALL aspects of your IT.

Contact InCare today at 205-277-CARE or fill out the form below to schedule your free consultation.

