7 Red Flags Users Should Identify to Reduce Cyber Attacks
People are tricked into giving hackers information because they are not aware of the warning signs to look out for. Here is a list of seven red flags to look out for.
https://www.continuum.net/blog/7-red-flags-msps-should-identify-to-reduce-cyber-attacks
1. “From” Line
The first thing to pay attention to is the address you are receiving the email from. Pay close attention to the sender because the person may appear to be someone you know but in reality, it could be a spoof. Hackers know that people are more likely to trust an email from someone they can recognize, which is why they make the email address appear to be from an existing contact. Let’s look at a quick example of this.
Real Email: amanda@wellsfargo.com
Spoofed Email: amanda@welsfargo.com
Notice that an “l” is missing from “wellsfargo” in the spoofed email. The address appears legitimate at a glance, but the domain is not accurate.
2. “To” Line
Sometimes, the hacker will send an email to many different people. If you do not personally know the other people in the “to” line or you are being cc’d on a strange email, that should be a red flag.
3. Hyperlinks
Always be cautious of clicking on embedded links within an email unless you are sure it is from a trusted source. Before you click on a link, hover over it with your mouse to see the destination URL. If the URL does not match what the text says, it’s not a good idea to click on the hyperlink.
4. Time
Consider the time you receive an email and compare it with the normal time you receive similar emails. Do you generally get an email from the CEO of your company at 2 a.m.? If not, this is an indication of a potentially spoofed email.
The same goes for the specific time of year. Be extra cautious around holiday or tax season, as cybercriminals typically increase phishing attempts when financial information is being shared or online shopping is heightened.
5. Attachments
Attachments may seem harmless, but some can contain malicious viruses or another form of malware. So, as a rule of thumb, do not open attachments that you are not expecting. If a sender does not normally send you attachments, this is a sign that it could be a fraudulent email. In addition, if the attachment has a strange file type such as .exe or a duplicate file type such as .xls.xls, you should not download or open it.
6. Subject
Phishing attempts usually try to trick you with scare tactics or calls for immediate action. If the subject line seems fishy, such as “Need wire transfer now”, “Change password immediately”, or “Suspicious behavior on your (bank) Account”, validate the source before you take any action. The subject may also be irrelevant or not on topic with the rest of the email content, which can be another red flag.
7. Content
The sender may be urging you to update your information or change your password in order to avoid a consequence, which instills fear and prompts action. This is another method to look out for, as hackers use it to trick you. In addition, if the grammar or spelling is incorrect and the email seems out of the ordinary, confirm the legitimacy before you click on links or download any files.
So there you have it, seven simple red flags to look out for when examining an email. Never click on links, download files, or transfer money unless you are sure the email is legitimate.
We recommend a two-step verification process to establish validity. For example, if you receive an email from your CEO requesting a wire transfer, we recommend you also confirm via phone or in person. This two-step verification process validates the sender through multiple mediums, which helps avoid falling for scams.
It is important for all businesses to take email hacking seriously. Hackers attack corporations and individuals, so understanding social engineering methods is crucial in addition to having proper spam filters and firewalls installed. Lack of employee education is what makes it difficult for IT staff to properly secure an environment. However, you can use these tips to educate employees both within your company as well as the companies you service to reduce the risks of a cyber-attack.
How to Keep Clients Safe from Phishing Attacks and Online Scams this Holiday Season
This time of year is a feeding frenzy for hackers and cybercriminals hungry to exploit the large volume of e-commerce purchases. With Cyber Monday right around the corner, have you trained your end users to practice safe online habits? A new infographic by ZeroFOX reports that 64% of organizations see an increase in cybercrime on Cyber Monday, and phishing links go up as much as 336% around Thanksgiving.
What scams should your clients be on the lookout for over the next month?
First, let's look at the tactics successful cybercriminals employ when casting their reels...
What are Different Phishing Techniques Used by Attackers?
The scope of phishing attacks is constantly expanding, but frequent offenders tend to:
How Can I Help My Clients Avoid Phishing Attacks?
Offering proactive end user education is critical to protecting client data. You can't assume every employee at the companies you serve understands cybersecurity best practices. With threats becoming increasingly sophisticated, you want to highlight these five preventative behaviors and stress that staff adheres to them:
1. Don't reveal personal or financial information in an email.
Furthermore, make sure they know not to respond to email solicitations for this information. This includes clicking on links sent in these emails.
2. Before sending sensitive information over the Internet, check the security of the website.
Are they practicing safe browsing habits?
3. Pay attention to the website's URL.
Not all emails or email links seem phishy, and your clients may be lured into a false sense of security. Teach them that many malicious websites fool end users by mimicking legitimate websites. One way to sniff this out is to look at the URL (if it's not hidden behind nondescript text). They may be able to detect and evade the scheme by finding a variation in spelling or a different domain (e.g., .com versus .net).
4. Verify suspicious email requests by contacting the company they're believed to be from directly.
If, say, your clients receive an email from Bank of America that seems to be off, instruct them to reach out to the bank with their inquiry. Specify that they'll want to contact the company using information provided on an account statement, NOT information provided in the email.
5. Keep a clean machine.
Having the latest operating system, software, web browsers, antivirus protection and apps is the best defense against viruses, malware, and other online threats. Clients can ensure this is seen to by investing in the right managed IT services provider, one who'll be a trusted advisor for all of their IT needs. Are you that provider?
Email phishing is a 24x7x365 security concern your end users must be knowledgeable about, but with today kicking off the holiday shopping season, be prepared for an influx of malicious activity. Cyber Monday is right around the corner, and with it comes a whole new host of data security risks and attack vectors.
How Can My Clients Stay Safe this Cyber Monday?
Scammers can be lurking with bogus websites and fake emails to steal victims' money and identities. As such, advise your clients to:
1. Be wary of emails with enticing sales.
As we covered above, following links from phony emails is one of the oldest methods for perpetrating any online scam. This holiday season, attackers will attempt to fool clients with messages teasing unbeatable sales at known sites, like Best Buy and Amazon. Make sure your end users don't click these links. Instead, have them open their web browser, enter the URL of the site offering these discounts and search for these "steals of a deal" manually. If they can't find the amazing offer, it's likely a scam.
2. Shop only on websites they know and trust.
With many retailers offering deep discounts, sometimes as much as 50 percent, it may be tough to figure out which deals are too good to be true.
3. Secure their purchases.
Your clients should only enter credit card details on web pages that use SSL (Secure Sockets Layer) security. To determine this, they should check to see that the URL for the page begins with "https://" and not "http://". That "s" lets you know the connection to the site is encrypted. Most browsers will also show a lock icon in the lower right corner of the browser window to let you know you're on a secure site.
4. Pay with credit cards only.
Encourage your end users to pay for online purchases with a credit card as opposed to a wire transfer or other non-plastic payment method. Federal laws let you dispute an item on your credit card bill if you don't receive your purchase, and many credit card providers also have "zero liability" policies meaning you're off the hook if a bad guy gets your credit card and starts using it.
5. Use different passwords across multiple sites.
Attackers will use the same user name/email and password combinations harvested in an attack across multiple sites. These cybercriminals freely trade this information and have the time and resources to try the combinations against multiple sites. Share these tips to help improve password security!
6. Create a "throw away email account."
All of the major email services like Gmail and Yahoo allow you to create free email accounts. Consider suggesting that end users create an email account just for this year's shopping and stop using it after the holidays. Furthermore, have them use this email address as their user name for all online transactions that require one. This will reduce spam in their primary email accounts, and help keep attackers from gaining access and obtaining sensitive data shared there.