Email Security

In our current business environment, email security has been focused on the newest threats. The threats pertaining to Covid-19 are very serious and need to be highlighted but they are not the only type of threat that needs to be emphasized.

In times of disaster, malicious actors will always try to take advantage of the situation. While all email users need to be aware of these perils, we cannot forget about other risks that are still present. There are millions of phishing and spoofing emails being sent daily that do not contain any information about the Coronavirus.

While phishing and spoofing can be used in conjunction with each other, they are both separate types of fraudulent emails meant to trick users into giving up personal information; including passwords, bank account information, and credit card numbers. Phishing is the practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, usually passwords. Spoofing disguises a communication from an unknown source as being from a known source. Both acts are not only used maliciously through email, but can be utilized as fake websites, phone calls or text messages.

Email Phishing

There are millions of phishing emails that are sent globally everyday. They make up 90% of all cyber attacks by volume. Some are poorly done, the Nigerian Prince, while some take an expert to tell the difference between a legitimate and fake email. The most common form of phishing emails are mocked-up templates informing users that their Microsoft, Apple or Facebook accounts have been locked out. They usually contain a link to click which will immediately reset your password, and by only entering your current user name and password this issue can be quickly fixed. The key to this type of scam, is they urge the recipient to quick action. They succeed by minimizing the amount of time users spend thinking about the legitimacy of the request with their call to action. The top ten most common companies that are used in phishing emails are;

  • Microsoft
  • PayPal
  • FaceBook
  • Netflix
  • Bank of America
  • Apple
  • CIBC
  • Amazon
  • DHL
  • DocuSign

If you receive an email asking for your passwords, first, stop and think. Never follow an unprompted e-mail link to reset your password. If you think there might be an issue with your password, access your mobile or desktop application, and establish if you can access it normally. If you can, more than likely you have been phished. If you have put in your sign in information, immediately change your passwords.

Email Spoofing

Spoofing is a less common form of malicious email attack, but if done well, hackers can easily trick an unsuspecting receiver into giving up personal information. The most common is an attempt by the malicious party to trick their target into giving up their credit card numbers, Social Security Numbers or bank account information. They accomplish this by tricking the target in believing the email has been sent from a trusted source; their bank, coworker or insurance company. For example, the accounting department may get an email from what they think is the CFO asking to purchase gift cards for clients. After they are purchased, they will be asked to scan and email the information. At this point, the bad actor has successfully scammed their intended target, and received untraceable funds. If you receive an email, asking for personal information, money, account numbers, etc, always verify that it is a legitimate request. This can be done by simply picking up the phone and calling the requester at a phone number that you already possess not any that are listed on the potentially spoofed email.

How Is Your Organization’s Email Security?

While in these trying times, we need to be extra cautious, especially with the newer digital threats that revolve around Covid-19, we still can not ignore other forms of cyberattacks. If you are interested in learning more about how to prevent phishing, spoofing and other cyberattacks, please reach out to HubWise Technology, or at (402)339-7441.