Steps to an Effective Email Security Strategy
Email inboxes are very attractive to cybercriminals. As an easy point of access with an abundance...
Phishing scams are rampant in today’s world and are a particular worry for anyone concerned about their IT security.
We’ve all been there. We get emails from a friend’s account that are off—maybe they are full of strange links or requests to send them money to get them out of jail or to help that one prince in Nigeria. (For what it is worth—Nigeria doesn't even have a monarchy. They are a federal republic whose elected leader is called the President. Spoiler Alert: their President isn’t going to email you, either.) These are tell-tale signs of a hacking scam, in particular a phishing scam, through which bad actors attempt to gain access to private information.
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Instead of hacking your software or devices, what they attempt to do is more sinister: they attempt to hack you.
Whereas your company’s devices and data may be well protected, your employees may not be. Knowing that the human element is your biggest weakness, social engineers often deploy phishing scams in order to trip employees up, hoping to gain access to private information through a shared password. The information most at risk in a phishing attack is passwords and sensitive account information such as credit card numbers, bank accounts, and electronic health records.
Think of it as the technological equivalent of that scene in a lot of spy movies. You know the one. The bad guy is wearing a service uniform and has a lot of packages in his hands and can’t quite get the door open or reach his pass card or punch in the code. So, he nods and smiles to the receptionist and she buzzes him in. Then he whispers into his earpiece to the team in the pizza van out front, “I’m in.”
Hackers use phishing emails to “get in”. And they aren’t always as obvious as a fake mustache and a navy jumpsuit from Acme plumbing. Cybercriminals use phishing, the fraudulent attempt to obtain sensitive information such as credit card details and login credentials, by disguising themselves as a trustworthy organization or reputable person in an email communication. They’ll look legitimate-ish.
Their messages may sound genuine, and their sites can look like the real thing. It can be hard to tell the difference, but you may be dealing with a phishing scam if you see the following:
The goal of Pim's Business IT Solutions (BITS) is to detect, protect, prevent, and resolve common network and system threats before they happen.
Industry data shows that when network and system threats are addressed ahead of time, downtime and costs can be dramatically reduced. Our advanced managed threat response, powered by SOPHOS, has advanced threat hunting, detection and response capabilities that take action to neutralize threats.
BITS helps to achieve maximum computer system productivity while reducing the burden of day-to-day IT management through system management services (SMS), help desk support, asset reporting and management, monitoring, and encrypted remote tools.
We cannot stress this enough. Your employees are not only your weakest link, but also your greatest strength. When your team is equipped with information, they will be wiser and more apt to recognize phishing scams and not click suspicious links.
Remind your employees of the following email best practices:
Pim offers a phishing campaign in which a sample of employees is tested, after which you will receive a report with our recommendations.
By working together with your employees and trusted IT security professionals, you can reduce your risk of falling prey to phishing scams.