Last week I mentioned that malicious email was on the rise and I received many responses echoing that sentiment. All malicious email is trying to compromise you or your company by tricking you into:
Here are 3 types of malicious emails and how to identify them.
This attack targets individuals who have access to financial information and have the authority to wire funds. The attacker sends an email “spoofed” to look like it was sent by a high-ranking executive and asks to have funds transferred to some financial institution.
A note about “spoofing”: Spoofing refers to emails that look like they are being sent by someone within the organization, but are actually not. These can be blocked through proper email platform configuration. If anything seems out of place, just contact the person emailing you.
One of the largest of these attacks targeted Ubiquiti Networks Inc, where attackers made off with $46.7 million. Attackers spoofed communication from executives “in a bid to initiate unauthorized international wire transfers.”
Here are a few tips to help identify this scam:
For any large urgent transfers, just pick up a phone and ask. I think bothering an executive on vacation would be more prudent than losing millions.
We send attachments all the time, but sometimes malware masquerades as those attachments. Yes, that PDF really isn’t a PDF.
We recently had a client download a form of ransomware this way. Luckily, it was caught early and didn’t infect critical data, but it could have crippled their business.
How to identify:
This attack exploits our human desire to move fast. Taking an extra moment to review the email as a whole will help identify this attack and leave just one course of action: pushing the “spam” button.
The final attack may be the most dangerous because it preys on our ignorance of software systems. Usually, these emails contain a link to download a file that directs us to a login page that looks very similar to a platform we already use.
We were recently attacked like this. An email sent to our entire team had a link to download a Dropbox file. Upon hovering over the link, we noticed it did not point to Dropbox.com, nor did the email look like a standard Dropbox share email – a clear sign that this was not a legitimate email. Our knowledge of how our systems work empowered us to stay safe.
How to identify:
To prevent these exploits, be sure to train your staff often about software features, how they work, what requires login and what does not. Looking to dive deeper or level up? Here are 3 ways to protect your team from malicious email.