June 29, 2022
Email is one of today’s most common and most beneficial ways for your employees to communicate. But it is also a primary tool used by attackers to steal money, account credentials and sensitive information. Phishing is the criminal practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information such as passwords, bank accounts, or credit card numbers. A phishing email is likely to appear to come from a company you recognize such as Apple, Facebook or UPS, or from a person you know such as a friend or co-worker. However, upon closer examination the email can be revealed as a fake.
Unfortunately, studies show that nearly half of employees don’t even know what phishing is, which leads us to our first recommendation: 1) Raise awareness among your team. Closely examining the sender of an email will often reveal phishing. The sender’s domain will not match what you expect. For example, see the screenshot where the password reset request appears to come from Facebook but the sender email is “facebookmail.com” (an obvious fake). Phishing emails will often also contain hyperlinks which lead to dangerous websites. You can usually hover over any hyperlink without clicking on it to see where it leads. Phishing emails will often contain attachments, which you should never click on or open because they can damage your computer and your company’s network.
Our second recommendation is: 2) Do not allow any personal use of your company’s computers, tablets or other devices for any reason. This includes allowing employees to access their personal email – even while they are on a break. Employees who open a phishing email, click links, or open attachments from their personal email can compromise your entire network. If you are going to communicate with your employees via email, we recommend you issue them a company email address to use, and only allow that company email to be accessed via your computers.
Our last recommendation is: 3) Protect your company’s email server from threats including compromise, malware and spam. Advanced protection will examine message header data, sender IP address, and message contents for known threats and suspicious content. Inbound emails should be given a warning tag to raise employee awareness of potential phishing attacks.
According to the Ponemon Institute, 43% of cyberattacks target small businesses. Don’t let your business fall victim to an attack. To learn more about this topic, contact us at firstname.lastname@example.org