Category: Email Security

Fact or Fiction? Tech Myths Explained

You’ve likely heard them all before – Mac computers can’t get viruses, incognito mode is private, and cybercrimes are committed by teenagers in basements. While there are some tiny nuggets of truth in these, they are mainly tech myths!

The reality is Macs are just as susceptible to cybercrime and incognito browsing isn’t entirely anonymous. Let’s take a closer look at the most common tech myths you can stop believing!

Incognito Mode Browsing is Private

Do you feel a bit safer using incognito mode when browsing the internet? You are not alone. Many people believe that using incognito or private browsing mode makes their online activities completely private, but this is a common tech myth.

While incognito browsing can help protect your privacy in some ways, it does not offer complete anonymity! Remember: incognito does not mean anonymous.

Here are several reasons why incognito browsing may not be as private as you think:

Your internet service provider (ISP) and network administrator can still see what sites you visit. When you use incognito mode, your browsing history is not saved on your computer or device, but it is still visible to your ISP and network administrator. This means that if someone really wanted to track your online activities, they could still do so by analyzing your network traffic.
Websites can still track your browsing activity. Incognito mode only prevents your browser from saving your browsing history, cookies, and form data on your device. However, websites can still track your browsing activity using other techniques.
You may accidentally sign into an account. If you log in to an account while using incognito mode, your activity on that account is still tracked and logged by the website. This means that if you log in to your Google or Facebook account while using incognito mode, your activity on those accounts is still recorded by the website.

Overall, while incognito mode can be helpful in certain situations, it’s important to remember that it does not offer complete privacy protection. If you want to protect your online privacy, consider using a virtual private network (VPN), a privacy-focused browser, or other privacy protection tools and techniques in addition to incognito mode.

Angsty Teenagers Commit Cyber Crimes

Hollywood has created the “angsty teenager turned cybercriminal” stereotype, but this is largely inaccurate and does not reflect the reality of cybercrime.

Most cybercriminals are adults who are highly skilled in computer programming and have knowledge of the latest technologies and security vulnerabilities. Cybercrime is a serious and complex issue that requires sophisticated techniques and tools to accomplish, which often requires years of experience and training.

Additionally, cybercrime is not limited to hacking and other technical attacks. It includes a wide range of criminal activities, such as identity theft, phishing scams, online fraud, and even cyberbullying. These crimes can be committed by anyone, regardless of their age or technical expertise.

Mac Computers Can’t Get Viruses

Many people believe that Mac computers are immune to viruses and other types of malware, but this is a common misconception. While Macs do have some built-in security features that make them less vulnerable to certain types of malware, they can still be infected with viruses and other malicious software.

Here are a few reasons why Mac computers can still get viruses:

Macs are not invincible. While it is true that Macs have historically been less targeted by hackers than Windows machines, this is changing as Macs become more popular and valuable targets. In recent years, there has been an increase in the number of malware attacks targeting Macs, including viruses, adware, ransomware, and other types of malicious software.
Mac users are still vulnerable to phishing attacks. Phishing attacks are a common way for hackers to gain access to Mac computers and other devices. These attacks use social engineering techniques to trick users into revealing their login credentials or downloading malware onto their devices. Mac users are just as vulnerable to these types of attacks as Windows users.
Third-party software can introduce vulnerabilities. Even if the Mac operating system is secure, third-party software such as web browsers, plugins, and other applications can introduce vulnerabilities that can be exploited by hackers. It’s important to keep all software up to date with the latest security patches and updates to minimize the risk of infection.

Overall, while Macs may be less vulnerable to certain types of malware compared to other operating systems, they are not immune to cyber threats. It’s important for all computer users, regardless of their platform, to take cybersecurity seriously and to implement strong security measures to protect against malware and other types of cyber threats.

More Signal Bars = Better Cell Reception

Have you ever been frustrated with your cell service even though you have “full signal bars?” Having full signal bars doesn’t always mean you will have good cell reception. The number of bars displayed on your phone is just an estimate of the signal strength in your area. Cell service depends on many different factors.

Here are some reasons why more signal bars do not always mean better cell service:

Distance from the cell tower: The farther you are from a cell tower, the weaker the signal will be, even if your phone displays full bars. This can cause dropped calls, slow data speeds, and other issues.
Obstructions: Buildings, trees, hills, and other obstructions can block or weaken cell signals, even if you are close to a cell tower. This can result in poor call quality, slow data speeds, and other issues.
Interference: Other devices that use radio frequencies, such as Wi-Fi routers and baby monitors, can interfere with cell signals and cause disruptions to cell service.
Network congestion: If there are too many people using the same cell tower at the same time, this can cause network congestion and slow down data speeds, even if you have a strong signal. If you’ve been to a Penn State football game you’ve likely experienced this! On the days leading up to kickoff, the cell service in State College works just fine! Game day? It’s likely hard to make a call or send a text message.

Overall, while more signal bars can indicate better cell service, it’s important to remember that this is not always the case.

Deleted Files are Gone Forever

When you delete a file on your computer, it may seem like the file is gone forever, but in reality, it’s still there. When you delete a file, your computer only removes the reference to that file from the file system table, which is like a map of where all the files on your computer are located. The actual data of the file remains intact on the hard drive until it is overwritten by new data.

This means that if someone wanted to recover a deleted file, they could use special software to scan the hard drive for traces of the file and piece together the data that was not yet overwritten.

There are several ways to securely delete files, including using special software designed for this purpose or simply overwriting the file multiple times with random data. By doing so, you can ensure that the deleted files are truly gone and cannot be recovered.

Cell Phones Can’t Get Malware

Most people believe that cell phones cannot get malware because they think that mobile devices are inherently more secure than computers. The truth is cell phones and other mobile devices can be just as vulnerable to malware as computers.

In fact, many types of malware are specifically designed to target mobile devices, such as smartphones and tablets. Malware can be spread through malicious apps, infected email attachments, text messages, and even through the phone’s web browser.

It’s important for users to take steps to protect their mobile devices from malware, such as using reputable antivirus software, avoiding suspicious downloads and links, and being cautious when downloading apps or granting app permissions.

Scanning Potential Spam Emails is Safe

Scanning a spam email can still be dangerous even if you don’t click on a link because some types of malware can be triggered simply by opening or previewing an email. This is known as a “drive-by download” attack, where malware is automatically downloaded onto your computer or device without your knowledge or consent.

While most email clients and antivirus software are designed to prevent drive-by downloads and other types of malware attacks, some types of malware are designed to evade detection and can still infect your system.

Another form of spam email that can be dangerous even without any interaction on your part is an “email bomb.” An “email bomb” is a type of cyber attack where an attacker sends a large number of emails or attachments to a targeted individual or organization,with the goal of overwhelming their email system and causing it to crash or become unresponsive.

Bottom line: even if you don’t interact with a spam email, it could still cause damage to your computer or even your entire organization.

Tech Truths from Everound

At Everound our team of IT professionals stays up to date on the latest tech truths – and tech myths – so our clients don’t have to. If you own a business and aren’t sure what to believe when it comes to your information technology, give us a call or reach out online with any questions – we are here to help!

Some tech myths can be harmful to an organization and it’s our goal to help business owners protect their companies with the right IT infrastructure and processes. Let us focus on your IT so you can focus on your business.

Know the IT Risks of Working Remote

The push towards remote work exploded over the last three years and has opened up many benefits for both employees and employers. Employees enjoy more freedom to get their jobs done almost anywhere and employers can reduce their overhead expenses and hire talent from across the country or globe.

Remote work, however, does come with some risks, especially when it comes to IT. Workers who hit the local coffee shop for an hour or two increase their cybersecurity risk when connecting to public Wi-Fi. Working in a public place also opens up employees to other kinds of vulnerabilities including traditional theft.

What are the security risks when working in a public place? And how can business owners reduce the risk for a remote workforce? Let’s take a look.

Common IT Risks When Working Remote

When working anywhere other than the office, it’s safe to assume there are increased risks to employees’ information technology security. Employees working remotely can directly expose work computers and networks to cybercrime such as hacking and phishing.

What threats and IT risks do employees and employers face? Here are the most common IT risks when working in a public place:

Unsecured Networks

When working at a coffee shop, library, or another public place, it’s tempting to open your laptop and connect to the free Wi-Fi offered. Connecting to a public network though is one of the easiest ways to fall victim to a cyberattack.

Nearly 25% of all public Wi-Fi hotspots do not have encryption or protection, meaning anyone near the access point has an easy way “in” to the network and can steal data. The risk isn’t only for laptops – research shows that 40% of mobile devices used for work are exposed to a cyber attack within the first four months of use.

Evil Twin Attacks

An evil twin is a fraudulent or fake public Wi-Fi set up by a cybercriminal. Essentially, the cybercriminal capitalizes and preys on remote workers and sets up a Wi-Fi hotspot that looks legitimate but is actually bait to steal sensitive information from users. When users connect to the “evil twin,” all of the sensitive data shared on the network passes through a server controlled by the attacker.

Prying Eyes

Public spaces are just that – public – and don’t offer the same privacy as a home office. When working in a public space, you are at risk for prying eyes, or “shoulder surfers,” who can steal data displayed on a laptop screen. Skilled shoulder surfers can steal passwords, PINs, among other kinds of information directly off of a laptop screen.

Traditional Theft

Most workers get up and stretch their legs or get a cup of coffee several times a day. When workers do this in a public place – even for just a few seconds – criminals can swipe work laptops and personal devices. While uncommon, this is a risk employers should consider when utilizing a remote workforce.

These are a few of the many cybersecurity risks when working in a public place. With some planning and intention, there are ways to minimize security risks for a remote workforce.

How to Reduce Security Risks

Working in a public place can present cybersecurity risks if proper preventative steps are ignored. To minimize IT security risks when working in public, it is important to never leave devices unattended and to disable any devices that must remain out of sight or not in use when not attended.

Here are some best practices to help reduce the risks of working in a public place:

Provide team members with separate work computers: When you provide computers and mobile devices to your team, your IT professionals can configure settings to minimize cyber risk. Furthermore, work computers can be monitored remotely to stay ahead of any risks such as phising and other social engineering cyber attacks.
Use personal hotspot device: Refrain from connecting to public networks or Wi-Fi as data can be exposed on these unsecured networks. Instead, connect to a personal hotspot device. Personal hotspot devices are a better alternative to public Wi-Fi and are an affordable piece of hardware that gives peace of mind employees are on a safe network.
Use a VPN: If team members must use public Wi-Fi, having a virtual private network, or VPN, is critical for online security and safety. A VPN creates a secure connection between the computer and the computer network and protects online privacy. VPNs encrypt internet traffic and make it difficult for hackers to track online activities and steal data.
Use strong passwords: While it may be repetitive to hear, the first line of defense against cybercrime is a strong password. Weak passwords, or using the same password across multiple sites and devices, make employees easy targets. Use passwords that are at least 12 characters, including symbols and numbers, and are unique to each site or device. Password managers can make this process easier for team members.
Provide team members with laptop cable locks: Laptop cables work the exact same way as bike locks – the cable connects to the laptop and then around a stationary object such as a table leg. The locks can only be unlocked with either a key or a code.
Employ a comprehensive cybersecurity program: If you’re employing a remote workforce, it’s absolutely imperative to have a comprehensive cybersecurity program in place that addresses phishing scams, malware, viruses, and other cyber threats. Your IT team should develop and implement a plan that includes endpoint protection, network security, email security, and dark web monitoring.

Following these tips and best practices can help reduce IT security risks for your team members when working in a public place. Unsure where to start or how to implement these solutions? Contact us today for a free cybersecurity audit.

Remote Workforce Cybersecurity Solutions from Everound

As a managed IT services provider, Everound understands the challenges business face with cybersecurity. Whether you have an entirely remote workforce, an “in-person” team, or a blend of the two, we can help you develop a cybersecurity plan to protect your team members both in the office and when they are working in a public place.

Cyber attacks can paralyze a business – don’t wait until AFTER an attack to improve your cybersecurity. Contact us today for a free review of your current cybersecurity infrastructure and a recommended path forward to protect your company from a cyber attack.

Phishing scams are nothing new and are one of the biggest cyber threats to a business. According to Proofpoint, more than 80% of companies were targeted by phishing cybercriminals in 2021. Do you know how to spot phishing attempts at your organization?

Understanding the different types of phishing strategies is the first step to stopping them from infiltrating your organization. Let’s examine the different types of phishing attacks, ways to spot them, and how to block phishing emails.

Types of Phishing Attacks

What is phishing? Phishing is an email or text message scam that tricks users into providing personal information either by clicking on a link or opening an attachment. The emails or text messages appear to come from someone the recipient trusts, either a supervisor, colleague, or in some cases, a family member.

Not all phishing attempts are the same, and there are several different ways a cyber thief can deploy a phishing attack. The most common types include:

Deceptive: Deceptive phishing is the most common type of scam. In this method, attackers impersonate a company the user is familiar with to steal personal information or data. The emails may look real and even include legitimate links to trick the user into falling for the scam.
Spear: Spear phishing is a more targeted type of a deceptive phishing attempt. With spear phishing, the criminal will specifically target an individual with personal information they can find on the Internet. A spear phishing email may contain the user’s full name, place of employment, job title, email address, and even specific information about their role at their company.
Whaling: Whaling is similar to spear phishing, however, targets senior leadership such as the C-suite. With whaling, scammers impersonate the CEO, CFO, or another high-level team member with the hope the recipient will “follow orders” from a superior. The requests are typically to complete a financial transaction or respond to the email with personal information.
Smishing: Smishing is a type of phishing attack that uses text messaging rather than emails, but the goal is still the same – to get a user to click on a malicious link or provide personal information. Many phishing criminals will send text messages disguised as a bank and claiming there was suspicious activity with the user’s bank account or credit card.
Vishing: Vishing is much the same as smishing, however, the platform switches to a phone call rather than a text message. Senior citizens are particularly at risk for vishing attacks. The caller will pose as someone in an authoritative position to be able to obtain bank account numbers, credit card information, and more.
Pharming: As users have become more aware of email phishing, fraudsters have changed their strategy to include pharming. With pharming, users are redirected to a fake or “spoof” website that essentially appears to be a real website. The fake sites are designed to capture a user’s personal information such as their social security number, website credentials, account numbers, and more. Pharming is implemented when the hacker sends malicious code in an email that redirects traffic to the fake website.
Angler: Angler phishing is a fairly new type of phishing attempt that targets social media users, particularly ones who are frustrated with customer service at a financial institution. The cybercriminal will pose as a customer service rep for the company and respond to a complaint using a handle that includes the name of the institution. The fake account will attempt to “resolve” the complaint and ask the user to click on a link to talk to an agent. Once the link is clicked, the fraudster can install malware on the user’s computer or steal business data.

While there are different methods of phishing, they all share the same goal. The email (or text message or phone call) may ask for a password, billing information, credit card numbers, or other sensitive data. Once the information is shared, hackers can infiltrate a company’s network and steal information or deploy malware. Phishing is a real risk for all sizes of organizations, from small businesses to large enterprises. If you are concerned about phishing attempts at your business, a cybersecurity team like Everound can help.

How to Spot Phishing Attempts

how to spot phishing attempts It’s more than likely that you have been the target of a phishing attempt either at work or at home. Were you able to spot it as suspicious? There are “red flags” to watch out for when determining if an email is real or a phishing attempt.
Here are ways to spot a phishing attempt:

Unfamiliar tone: Does the email from your friendly coworker down the hall come off as cold and monotone? Chances are, the email is a phishing attempt. Hackers don’t understand tone very well and some phishing emails are even written by bots. If the content in an email feels a little “off,” make sure you verify the sender actually sent you an email.
Spelling and grammatical errors: Most email platforms have a built-in spell check feature for outbound emails. If an email contains several spelling and grammatical errors, it may be a phishing attempt.
Inconsistencies with an email address, links, or domain: Another easy way to spot a phishing attempt is to look for inconsistencies with the domains in email addresses or links. For example, if you hover over a link in an email from your “bank” and the URL doesn’t contain the bank name or trusted domain, that’s a huge red flag.
Threats or a sense of urgency: Threats or a sense of urgency are often used in whaling. Your “CEO” may be busy in a meeting and ask you to quickly take care of sending a payment to a vendor. If you receive an email that feels out of character, is threatening, or creates a sense of urgency that is uncommon at your business, this is likely a phishing attempt.
Suspicious attachments: Attachments sent via email should always be opened with caution. Attachments can contain harmful viruses and malware that can infiltrate an entire organization quickly causing financial damages. If you receive an email with an extension such as .zip, .exe, .scr, etc., or another unfamiliar extension, be very cautious about opening it. Check with the sender by phone to see if they sent you a safe attachment.
Odd request: Did you get an email with a request to do something that is not within the normal scope of your job at work? Or perhaps an off-hours text message from your “boss”? Did your IT team send an email with an attachment and you weren’t expecting it? Odd requests are a sign of a phishing attempt.
Short and sweet: Some phishing emails are full of content and detail, and others are short and sweet. If you receive a message with a short note like “Per your request” or “As a follow up…” however didn’t request or need anything from the user, do not click on any links or open the attachment.
Request for a password or other sensitive information: This is by far the easiest way to spot a phishing email – when the requestor asks for a password or other sensitive information in an email. Passwords, bank account information, and personal data should never be shared via email. A savvier attempt is to send the user to a fake landing page and ask the user to enter their credentials. Remember – banks, financial institutions, and other reputable companies you do business with will not request your credentials via email or their website.

Learning how to spot phishing emails can reduce your risk of a data breach or other cyber threat. Phishing emails are always a little bit “off” and are suspicious. If you are unsure if you can tell the difference between a real email and a phishing scam, working with a cybersecurity team can help.

How to Block Phishing Emails

The first line of defense against phishing emails is learning how to spot them. Your information technology team is likely also implementing several strategies to block phishing emails all together.

How can you block phishing emails?

Security awareness training: Phishing attempts all rely on one thing – human interaction. You can reduce your threat and risk of being a target of phishing emails by implementing regular security awareness training at your organization. There are also phishing simulators that can send suspicious emails that are actually harmless to see if employees would fall for a phishing scam.
Anti-spam, anti-malware, and anti-phishing software: There are several cloud service software packages that include anti-spam, anti-malware, and anti-phishing support. This technology can identify and stop phishing emails before they even get to a user’s inbox.
DNS authentication services: DNS authentication services that include SPF, DKIM, and DMARC protocols help prevent fake websites (spoofing) and impersonation. With DNS authentication, users are blocked from visiting sites that are flagged malicious by the software.
Anti-impersonation technology: One of the cornerstones of phishing attacks is the criminal’s use of impersonation. Anti-impersonation technology scans inbound emails and detects abnormalities in headers, domains, and suspect body content.

Cybersecurity Services from Everound

At Everound, we make it our business to protect our clients from phishing and cyberattacks. As a managed IT services provider, we offer comprehensive cybersecurity solutions to protect organizations from phishing, data breaches, dark web threats, malware, viruses, and more.

Unsure if your business is protected and able to sustain a cyber threat? Reach out today for a free cybersecurity audit. We will take a look at your current IT infrastructure, assess vulnerabilities, and work with you to come up with a robust cybersecurity plan. Let us focus on your IT, so you can focus on your business.

Ransomware attacks are on the rise and are making national and global news headlines and for good cause. In 2020, there was a 150% increase in attacks and a 300% increase in the amount of ransom paid. This increase does not appear to be slowing down either. To date, the amount of ransomware attacks in 2021 has surpassed all of last year. What is contributing to this increase?

While there are several factors that have contributed to the increase, one main reason was the immediate shift to remote work during 2020. Almost overnight, many businesses went 100% remote without a cybersecurity plan in place. Workers were utilizing their personal computers and laptops and logging on from home on unsecured VPN networks rather than connecting at the office through a secure network. Cybercriminals were able to exploit security weaknesses at both large and small businesses.

Do you know your risk for a ransomware attack at your business? Let’s take a look at how ransomware attacks have changed, who is at risk for an attack, and ways to reduce your risk.

More Sophisticated Attacks

How Ransomware Attacks Have Changed

When you think of a ransomware attack, you may think of a lone person sitting in a dark basement hacking into a company’s network trying to gain access to sensitive information. The hacker gains access to the company through phishing emails and once in the network, deploys malware that encrypts servers and sensitive company data. While this methodology still occurs, the entire process has evolved, is more organized, and is a massive, profitable business.

While there are still ‘lone wolves’ executing ransomware attacks, most data breaches occur at the hands of a group of sophisticated, strategic cybercriminals. These organizations, usually located in eastern Europe, are extraordinarily adept at infiltrating a company’s servers and planting ransomware. They extract as much sensitive company information as possible in order to demand ransom payments.

Another factor in the increase of ransomware attacks is ransomware-as-a-service (RaaS). Think of RaaS as a franchise model for ransomware attacks. Large-scale, organized groups of cyber criminals, such as DarkSide and REvil, franchise their capabilities such as encryption tools, communications, and ransom collections to independent hackers in exchange for a percentage of the collected ransom. This model has allowed ransomware attacks to be outsourced across the globe.

Is Your Business at Risk?

Who Is at Risk for an Attack?

Ransomware is a profitable business and ransom demands have escalated over the last two years. It’s no surprise that attackers are targeting large organizations who are likely to pay a ransom rather than have their business frozen for more than a day or two. Several different industries have been targeted recently including healthcare and critical infrastructure. The highly visible Colonial Pipeline attack crippled the company and the fuel supply chain on the East coast.

While large-scale ransomware attacks have made the news, there are many more that do not make national headlines. Small organizations are also at risk for an attack, especially by bots programmed to use a ‘shotgun approach’ at ransomware. These bots will scan thousands of company websites looking for email addresses, social media profiles, and any other personal data to use in a cyber attack.

Ransomware attacks are hitting close to home in Central Pennsylvania. Last year, the Duncannon borough in Perry County paid tens of thousands of dollars to hackers who held municipal data hostage. Although service was uninterrupted, the borough’s e-files, data, and emails were encrypted, and backup systems were compromised.

The bottom line – almost any organization is at risk for a ransomware attack. If you are a business owner, how do you reduce your risk for a cyber attack?

Start with Preparation

How to Reduce Your Risk

The best way to reduce your risk of a ransomware attack is to prepare for one. When you go through the process of preparing for a cyber attack, you will identify potential vulnerabilities and be able to address them prior to an attack.

Here are some key ways to prevent ransomware:

Create an incident response plan: A cybersecurity incident response plan helps companies prepare for, detect, respond to, and recover from cybersecurity incidents. The plan should address issues like malware detection, data theft, and service outages.
Invest in cybersecurity insurance: Cyber insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. It generally covers your business’ liability and helps in recovering compromised data. If you do not have cybersecurity insurance, your IT department, legal department, or your managed IT services provider can help you procure insurance.
Set up a secure texting channel: One of the first casualties of a cyber attack is internal communication via email. To ensure senior leadership can communicate without access to email, set up a secure texting app.
Use multifactor authentication (MFA): MFA is an electronic authentication process where a user is granted access to a website or application only after successfully providing two or more pieces of evidence to an authentication mechanism. MFA processes reduce the risk of ransomware since it creates an additional barrier to access of data.
Provide regular cybersecurity training: Most network weaknesses and cyber attacks are caused by human error. Regular cybersecurity training can drastically reduce the risk of an attack.
Consult with a cybersecurity company: Cybercriminals have years of training and prep to be able to be successful at what they do and one of the best ways to stay ahead of an attack is to work with a company that specializes in cybersecurity. A reputable company will help you put a plan in place to reduce your risk of an attack as well as continuously monitor your network for suspicious activity.

While no company is 100% protected from becoming a victim of ransomware, you can reduce your risk by taking proactive steps and be prepared if an attack happens.

Keeping Your Data Safe

Everound for Your Cybersecurity Needs

Everound specializes in cybersecurity best practices for small businesses to large enterprises. Our team of cybersecurity experts can help you create an incident response plan, help procure cybersecurity insurance, and implement data protection strategies and programs to keep your information and network safe.

Reach out today to start a conversation about cybersecurity for your business. We can provide a free cybersecurity risk assessment and recommend next steps to protect your data. We focus on your IT, so you can focus on your business.

In a world where no one seems to agree on anything, we can all agree that we hate spam.

For some reason, the people who send spam think it’s going to get us to buy something or switch insurance companies.

The problem is that not all spam is harmless; some spam is very malicious.

How Email Scams Work

Email that just arrives in your inbox is not harmful. In order to infect your computer or your network, you need to click something.

Because your spam program can pick up on many of these emails, it can keep you from seeing them in the first place.

There are a number of different scams. While this isn’t all of them, it’s a pretty good list of the most common types:

Survey – By definition, a survey online would require that you click something. The moment you do, you will either be sent to a site that has malware or will have prompted your computer to download it. Just don’t take any unsolicited surveys.
Imitation – This is an email from a company or a person that you know. Often, it’s an email that looks like it came from a common company, like PayPal or Microsoft. The way to know if it’s real is to look at the actual email address. The best policy is to go to their site yourself and look at your account. Don’t click anything in one of these emails.
Official – Scammers love to use official agencies, like the IRS or state government, to run scams. They’re hoping to panic you into clicking a button. Don’t. Again, open a tab and go to their website or look up the number and call them. The IRS doesn’t use email for official notices, ever.
Lottery – The lottery scam is a golden oldie. “You’ve won’t $1 million. Just click here.” No one wins a lottery they didn’t enter and no lottery will announce that you won $1 million via email.
Phishing – Phishing is when the scammers are looking for information. For example, they might email you posing as your email provider. It will ask you to change your password. They’ll use that to get into your account and give them access to a lot more.
Whaling – This is phishing designed to get to the CEO. They’re looking to hook the big fish, knowing that he or she has access to everything in the company.
Replacement – One common scam is to step into the middle of a transaction and reroute funds. For example, they hack a business associate to whom you’re going to send money. They send you an email saying the routing and account number have changed. Call that person. Don’t believe the email. Verify it personally with that person before you send money.

How Spam Filtering Software Works

The standard spam filter uses a combination of AI and community information to figure out what’s spam.

The artificial intelligence portion looks at how the email is written, the address it’s coming from, and the topic. It will throw that into the quarantine.

In modern solutions, the artificial intelligence will run a scan and monitor how you the user write your emails. If it recognizes you requesting something odd, such as a change to your direct deposit, or spelling things in ways you typically wouldn’t, it will quarantine the email.

The community information is when the email or email security provider, like Google, Microsoft, or Barracuda, gets enough spam complaints from a single address. The system then sees those emails as spam.

The Next Level

There is a higher level of spam filtering that every company should have. It actively scans every email.

This software will hold all of the emails in the cloud while it not only scans everything that’s mentioned above, but it actively scans any links in the emails. The system is looking for redirects, unknown email addresses or web addresses, and other indications of fraud.

It also looks for viruses and malware embedded in the email or at any of the links. Active scanning can keep bad emails from ever showing up in your inbox.

This adds another layer of protection on your email inbox and helps you keep control of what you’re seeing, let alone clicking.

Some people complain that this can slow down emails that they’re waiting for, but in most cases, unless there’s an actual problem, it’s microseconds for the system to analyze an email.

Putting Email Protection in Place

Putting email protection systems in place will require understanding the level of information being exchanged and how the company’s email system is configured.

It’s equal parts software and human behavior.

Here are a couple the levels of protection that can be installed:

Antivirus with automatic email scanning – This is the first step. Not only will the antivirus work to protect your computer or servers, but it actively scans emails as discussed above.
Phishing and Internet Security – These programs protect the company from scams that are found on websites. This can include keyloggers that track every keystroke on a computer. This captures our login information everywhere you go and will go in to pretend it’s you.

In many cases, all of these functions can be found in a single piece of software.

If you have a managed IT service for your servers and workstations, your provider should have already implemented this type of software. It’s worth asking to know that your assets are actually protected.

The most important protection you can put in place is education. Whether it’s sending information, clicking a link, or downloading a bad file, almost every email hack requires that a person does something.

Interested in Email Security?