Category: Email Security

Phishing scams are nothing new and are one of the biggest cyber threats to a business. According to Proofpoint, more than 80% of companies were targeted by phishing cybercriminals in 2021. Do you know how to spot phishing attempts at your organization?

Understanding the different types of phishing strategies is the first step to stopping them from infiltrating your organization. Let’s examine the different types of phishing attacks, ways to spot them, and how to block phishing emails.

Types of Phishing Attacks

What is phishing? Phishing is an email or text message scam that tricks users into providing personal information either by clicking on a link or opening an attachment. The emails or text messages appear to come from someone the recipient trusts, either a supervisor, colleague, or in some cases, a family member.

Not all phishing attempts are the same, and there are several different ways a cyber thief can deploy a phishing attack. The most common types include:

  • Deceptive: Deceptive phishing is the most common type of scam. In this method, attackers impersonate a company the user is familiar with to steal personal information or data. The emails may look real and even include legitimate links to trick the user into falling for the scam.
  • Spear: Spear phishing is a more targeted type of a deceptive phishing attempt. With spear phishing, the criminal will specifically target an individual with personal information they can find on the Internet. A spear phishing email may contain the user’s full name, place of employment, job title, email address, and even specific information about their role at their company.
  • Whaling: Whaling is similar to spear phishing, however, targets senior leadership such as the C-suite. With whaling, scammers impersonate the CEO, CFO, or another high-level team member with the hope the recipient will “follow orders” from a superior. The requests are typically to complete a financial transaction or respond to the email with personal information.
  • Smishing: Smishing is a type of phishing attack that uses text messaging rather than emails, but the goal is still the same – to get a user to click on a malicious link or provide personal information. Many phishing criminals will send text messages disguised as a bank and claiming there was suspicious activity with the user’s bank account or credit card.
  • Vishing: Vishing is much the same as smishing, however, the platform switches to a phone call rather than a text message. Senior citizens are particularly at risk for vishing attacks. The caller will pose as someone in an authoritative position to be able to obtain bank account numbers, credit card information, and more.
  • Pharming: As users have become more aware of email phishing, fraudsters have changed their strategy to include pharming. With pharming, users are redirected to a fake or “spoof” website that essentially appears to be a real website. The fake sites are designed to capture a user’s personal information such as their social security number, website credentials, account numbers, and more. Pharming is implemented when the hacker sends malicious code in an email that redirects traffic to the fake website.
  • Angler: Angler phishing is a fairly new type of phishing attempt that targets social media users, particularly ones who are frustrated with customer service at a financial institution. The cybercriminal will pose as a customer service rep for the company and respond to a complaint using a handle that includes the name of the institution. The fake account will attempt to “resolve” the complaint and ask the user to click on a link to talk to an agent. Once the link is clicked, the fraudster can install malware on the user’s computer or steal business data.

While there are different methods of phishing, they all share the same goal. The email (or text message or phone call) may ask for a password, billing information, credit card numbers, or other sensitive data. Once the information is shared, hackers can infiltrate a company’s network and steal information or deploy malware. Phishing is a real risk for all sizes of organizations, from small businesses to large enterprises. If you are concerned about phishing attempts at your business, a cybersecurity team like Everound can help.

How to Spot Phishing Attempts

how to spot phishing attemptsIt’s more than likely that you have been the target of a phishing attempt either at work or at home. Were you able to spot it as suspicious? There are “red flags” to watch out for when determining if an email is real or a phishing attempt.
Here are ways to spot a phishing attempt:

  • Unfamiliar tone: Does the email from your friendly coworker down the hall come off as cold and monotone? Chances are, the email is a phishing attempt. Hackers don’t understand tone very well and some phishing emails are even written by bots. If the content in an email feels a little “off,” make sure you verify the sender actually sent you an email.
  • Spelling and grammatical errors: Most email platforms have a built-in spell check feature for outbound emails. If an email contains several spelling and grammatical errors, it may be a phishing attempt.
  • Inconsistencies with an email address, links, or domain: Another easy way to spot a phishing attempt is to look for inconsistencies with the domains in email addresses or links. For example, if you hover over a link in an email from your “bank” and the URL doesn’t contain the bank name or trusted domain, that’s a huge red flag.
  • Threats or a sense of urgency: Threats or a sense of urgency are often used in whaling. Your “CEO” may be busy in a meeting and ask you to quickly take care of sending a payment to a vendor. If you receive an email that feels out of character, is threatening, or creates a sense of urgency that is uncommon at your business, this is likely a phishing attempt.
  • Suspicious attachments: Attachments sent via email should always be opened with caution. Attachments can contain harmful viruses and malware that can infiltrate an entire organization quickly causing financial damages. If you receive an email with an extension such as .zip, .exe, .scr, etc., or another unfamiliar extension, be very cautious about opening it. Check with the sender by phone to see if they sent you a safe attachment.
  • Odd request: Did you get an email with a request to do something that is not within the normal scope of your job at work? Or perhaps an off-hours text message from your “boss”? Did your IT team send an email with an attachment and you weren’t expecting it? Odd requests are a sign of a phishing attempt.
  • Short and sweet: Some phishing emails are full of content and detail, and others are short and sweet. If you receive a message with a short note like “Per your request” or “As a follow up…” however didn’t request or need anything from the user, do not click on any links or open the attachment.
  • Request for a password or other sensitive information: This is by far the easiest way to spot a phishing email – when the requestor asks for a password or other sensitive information in an email. Passwords, bank account information, and personal data should never be shared via email. A savvier attempt is to send the user to a fake landing page and ask the user to enter their credentials. Remember – banks, financial institutions, and other reputable companies you do business with will not request your credentials via email or their website.

Learning how to spot phishing emails can reduce your risk of a data breach or other cyber threat. Phishing emails are always a little bit “off” and are suspicious. If you are unsure if you can tell the difference between a real email and a phishing scam, working with a cybersecurity team can help.

How to Block Phishing Emails

The first line of defense against phishing emails is learning how to spot them. Your information technology team is likely also implementing several strategies to block phishing emails all together.

How can you block phishing emails?

  • Security awareness training: Phishing attempts all rely on one thing – human interaction. You can reduce your threat and risk of being a target of phishing emails by implementing regular security awareness training at your organization. There are also phishing simulators that can send suspicious emails that are actually harmless to see if employees would fall for a phishing scam.
  • Anti-spam, anti-malware, and anti-phishing software: There are several cloud service software packages that include anti-spam, anti-malware, and anti-phishing support. This technology can identify and stop phishing emails before they even get to a user’s inbox.
  • DNS authentication services: DNS authentication services that include SPF, DKIM, and DMARC protocols help prevent fake websites (spoofing) and impersonation. With DNS authentication, users are blocked from visiting sites that are flagged malicious by the software.
  • Anti-impersonation technology: One of the cornerstones of phishing attacks is the criminal’s use of impersonation. Anti-impersonation technology scans inbound emails and detects abnormalities in headers, domains, and suspect body content.

Cybersecurity Services from Everound

At Everound, we make it our business to protect our clients from phishing and cyberattacks. As a managed IT services provider, we offer comprehensive cybersecurity solutions to protect organizations from phishing, data breaches, dark web threats, malware, viruses, and more.

Unsure if your business is protected and able to sustain a cyber threat? Reach out today for a free cybersecurity audit. We will take a look at your current IT infrastructure, assess vulnerabilities, and work with you to come up with a robust cybersecurity plan. Let us focus on your IT, so you can focus on your business.

Ransomware attacks are on the rise and are making national and global news headlines and for good cause. In 2020, there was a 150% increase in attacks and a 300% increase in the amount of ransom paid. This increase does not appear to be slowing down either. To date, the amount of ransomware attacks in 2021 has surpassed all of last year. What is contributing to this increase?

While there are several factors that have contributed to the increase, one main reason was the immediate shift to remote work during 2020. Almost overnight, many businesses went 100% remote without a cybersecurity plan in place. Workers were utilizing their personal computers and laptops and logging on from home on unsecured VPN networks rather than connecting at the office through a secure network. Cybercriminals were able to exploit security weaknesses at both large and small businesses.

Do you know your risk for a ransomware attack at your business? Let’s take a look at how ransomware attacks have changed, who is at risk for an attack, and ways to reduce your risk.

More Sophisticated Attacks

How Ransomware Attacks Have Changed

When you think of a ransomware attack, you may think of a lone person sitting in a dark basement hacking into a company’s network trying to gain access to sensitive information. The hacker gains access to the company through phishing emails and once in the network, deploys malware that encrypts servers and sensitive company data. While this methodology still occurs, the entire process has evolved, is more organized, and is a massive, profitable business.

While there are still ‘lone wolves’ executing ransomware attacks, most data breaches occur at the hands of a group of sophisticated, strategic cybercriminals. These organizations, usually located in eastern Europe, are extraordinarily adept at infiltrating a company’s servers and planting ransomware. They extract as much sensitive company information as possible in order to demand ransom payments.

Another factor in the increase of ransomware attacks is ransomware-as-a-service (RaaS). Think of RaaS as a franchise model for ransomware attacks. Large-scale, organized groups of cyber criminals, such as DarkSide and REvil, franchise their capabilities such as encryption tools, communications, and ransom collections to independent hackers in exchange for a percentage of the collected ransom. This model has allowed ransomware attacks to be outsourced across the globe.

Is Your Business at Risk?

Who Is at Risk for an Attack?

Ransomware is a profitable business and ransom demands have escalated over the last two years. It’s no surprise that attackers are targeting large organizations who are likely to pay a ransom rather than have their business frozen for more than a day or two. Several different industries have been targeted recently including healthcare and critical infrastructure. The highly visible Colonial Pipeline attack crippled the company and the fuel supply chain on the East coast.

While large-scale ransomware attacks have made the news, there are many more that do not make national headlines. Small organizations are also at risk for an attack, especially by bots programmed to use a ‘shotgun approach’ at ransomware. These bots will scan thousands of company websites looking for email addresses, social media profiles, and any other personal data to use in a cyber attack.

Ransomware attacks are hitting close to home in Central Pennsylvania. Last year, the Duncannon borough in Perry County paid tens of thousands of dollars to hackers who held municipal data hostage. Although service was uninterrupted, the borough’s e-files, data, and emails were encrypted, and backup systems were compromised.

 

The bottom line – almost any organization is at risk for a ransomware attack. If you are a business owner, how do you reduce your risk for a cyber attack?

Start with Preparation

How to Reduce Your Risk

The best way to reduce your risk of a ransomware attack is to prepare for one. When you go through the process of preparing for a cyber attack, you will identify potential vulnerabilities and be able to address them prior to an attack.

Here are some key ways to prevent ransomware:

  • Create an incident response plan: A cybersecurity incident response plan helps companies prepare for, detect, respond to, and recover from cybersecurity incidents. The plan should address issues like malware detection, data theft, and service outages.
  • Invest in cybersecurity insurance: Cyber insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. It generally covers your business’ liability and helps in recovering compromised data. If you do not have cybersecurity insurance, your IT department, legal department, or your managed IT services provider can help you procure insurance.
  • Set up a secure texting channel: One of the first casualties of a cyber attack is internal communication via email. To ensure senior leadership can communicate without access to email, set up a secure texting app.
  • Use multifactor authentication (MFA): MFA is an electronic authentication process where a user is granted access to a website or application only after successfully providing two or more pieces of evidence to an authentication mechanism. MFA processes reduce the risk of ransomware since it creates an additional barrier to access of data.
  • Provide regular cybersecurity training: Most network weaknesses and cyber attacks are caused by human error. Regular cybersecurity training can drastically reduce the risk of an attack.
  • Consult with a cybersecurity company: Cybercriminals have years of training and prep to be able to be successful at what they do and one of the best ways to stay ahead of an attack is to work with a company that specializes in cybersecurity. A reputable company will help you put a plan in place to reduce your risk of an attack as well as continuously monitor your network for suspicious activity.

While no company is 100% protected from becoming a victim of ransomware, you can reduce your risk by taking proactive steps and be prepared if an attack happens.

Keeping Your Data Safe

Everound for Your Cybersecurity Needs

Everound specializes in cybersecurity best practices for small businesses to large enterprises. Our team of cybersecurity experts can help you create an incident response plan, help procure cybersecurity insurance, and implement data protection strategies and programs to keep your information and network safe.

Reach out today to start a conversation about cybersecurity for your business. We can provide a free cybersecurity risk assessment and recommend next steps to protect your data. We focus on your IT, so you can focus on your business.

In a world where no one seems to agree on anything, we can all agree that we hate spam.

For some reason, the people who send spam think it’s going to get us to buy something or switch insurance companies.

The problem is that not all spam is harmless; some spam is very malicious.

How Email Scams Work

Email that just arrives in your inbox is not harmful. In order to infect your computer or your network, you need to click something.

Because your spam program can pick up on many of these emails, it can keep you from seeing them in the first place.

There are a number of different scams. While this isn’t all of them, it’s a pretty good list of the most common types:

  • Survey – By definition, a survey online would require that you click something. The moment you do, you will either be sent to a site that has malware or will have prompted your computer to download it. Just don’t take any unsolicited surveys.
  • Imitation – This is an email from a company or a person that you know. Often, it’s an email that looks like it came from a common company, like PayPal or Microsoft. The way to know if it’s real is to look at the actual email address. The best policy is to go to their site yourself and look at your account. Don’t click anything in one of these emails.
  • Official – Scammers love to use official agencies, like the IRS or state government, to run scams. They’re hoping to panic you into clicking a button. Don’t. Again, open a tab and go to their website or look up the number and call them. The IRS doesn’t use email for official notices, ever.
  • Lottery – The lottery scam is a golden oldie. “You’ve won’t $1 million. Just click here.” No one wins a lottery they didn’t enter and no lottery will announce that you won $1 million via email.
  • Phishing – Phishing is when the scammers are looking for information. For example, they might email you posing as your email provider. It will ask you to change your password. They’ll use that to get into your account and give them access to a lot more.
  • Whaling – This is phishing designed to get to the CEO. They’re looking to hook the big fish, knowing that he or she has access to everything in the company.
  • Replacement – One common scam is to step into the middle of a transaction and reroute funds. For example, they hack a business associate to whom you’re going to send money. They send you an email saying the routing and account number have changed. Call that person. Don’t believe the email. Verify it personally with that person before you send money.
How Spam Filtering Software Works

The standard spam filter uses a combination of AI and community information to figure out what’s spam.

The artificial intelligence portion looks at how the email is written, the address it’s coming from, and the topic. It will throw that into the quarantine.

In modern solutions, the artificial intelligence will run a scan and monitor how you the user write your emails.  If it recognizes you requesting something odd, such as a change to your direct deposit, or spelling things in ways you typically wouldn’t, it will quarantine the email.

The community information is when the email or email security provider, like Google, Microsoft, or Barracuda, gets enough spam complaints from a single address. The system then sees those emails as spam.

The Next Level

There is a higher level of spam filtering that every company should have. It actively scans every email.

This software will hold all of the emails in the cloud while it not only scans everything that’s mentioned above, but it actively scans any links in the emails. The system is looking for redirects, unknown email addresses or web addresses, and other indications of fraud.

It also looks for viruses and malware embedded in the email or at any of the links. Active scanning can keep bad emails from ever showing up in your inbox.

This adds another layer of protection on your email inbox and helps you keep control of what you’re seeing, let alone clicking.

Some people complain that this can slow down emails that they’re waiting for, but in most cases, unless there’s an actual problem, it’s microseconds for the system to analyze an email.

Putting Email Protection in Place

Putting email protection systems in place will require understanding the level of information being exchanged and how the company’s email system is configured.

It’s equal parts software and human behavior.

Here are a couple the levels of protection that can be installed:

  1. Antivirus with automatic email scanning – This is the first step. Not only will the antivirus work to protect your computer or servers, but it actively scans emails as discussed above.
  2. Phishing and Internet Security – These programs protect the company from scams that are found on websites. This can include keyloggers that track every keystroke on a computer. This captures our login information everywhere you go and will go in to pretend it’s you.

In many cases, all of these functions can be found in a single piece of software.

If you have a managed IT service for your servers and workstations, your provider should have already implemented this type of software. It’s worth asking to know that your assets are actually protected.

The most important protection you can put in place is education. Whether it’s sending information, clicking a link, or downloading a bad file, almost every email hack requires that a person does something.