July 18, 2022

The Dark Side of Email

Email is typically used for collaboration and productivity in your organization, but there is a darker side that you need to know.

The technologies we rely on every day, such as email and instant messaging, are sometimes the most vulnerable to abuse and attack. You've heard of spam emails, viruses, and malware, but are you aware of phishing, the risks it presents, and how to prevent it?

What is Phishing? 

Phishing is a form of cybercrime. It happens when someone pretending to be a legitimate person or institution gets an unsuspecting target to click on a fraudulent email, text, or other communication. The goal is to trick the unwitting victim into handing over credentials or sensitive information, or to convince the user to purchase items such as gift cards or money orders/wire transfers. Sometimes, hackers will use that information to convince other people inside the organization that they really are who they pretend to be. They then build additional credibility by gathering specific information from users, such as invoice amounts, vendors, family, etc., and use that information when emailing other people to convince them that they are not a stranger. This is often called spear-phishing, since it's more targeted.

Remote Shouldn’t Mean Disconnected From Security Best Practices

Cybercriminals try to isolate members of your organization through phishing. They know that many companies have employees working remotely now, and they may send communications designed to look like remote work instructions for a specific employee, or things that normally would raise suspicions if we were in the office. However, since we're not, it's sometimes harder to tell what's legitimate. Make sure all members of your organization know what official channels communications about remote work will come through and give them the details they need to distinguish legitimate company emails from phishing attempts.

How Phishers Use Trusted Brands, Connections, and Big Events for Bad Purposes

Emails that look like they are from legitimate institutions. Phishers love to play on emotion. They want to get members of your organization to panic just long enough to click on their email. For example, during the height of the Covid pandemic, hackers used subject lines like “An Urgent Warning From the CDC” or “CDC Update On COVID-19” or even a subtle one like “CDC Guidance for Businesses Working Remotely Due to the Coronavirus” to entice people to click on the emails.

Posing as coworkers asking for donations. These emails may appear to be sent by a member of your organization and may contain what looks like a link to a GoFundMe page, or a similar site, requesting donations for someone in your organization. Urge employees to avoid sending these kinds of communications and tell employees never to open these kinds of emails, even if they appear to be legitimate.

Sending communications requesting private information for expense purposes. Many companies offer employees an expense account to take care of their business needs. Phishers are aware of this and may send communications requesting bank account information for reimbursement purposes. Make sure your employees understand your legitimate expensing process and that they know when and how your company will communicate with them regarding expenses and reimbursements.

Pretending to be you. Phishers may send emails that appear to be from your IT department. These emails may have subject lines like, “Regarding Your VPN Access,” or “A Technical Issue With Your Remote Connection.” Some of your employees might not know what legitimate IT communications look like. Explain your policies to them and use a consistent approach to communicating with employees, so they know what to expect.

What can you do? 

Always use multi-factor authentication and strong, complex passwords. A password such as "Password2022!" can be cracked in less than 5 seconds.

Subscribe to a managed phishing awareness training program for your company.

Add additional layers of email security that identify phishing attempts and isolate them from your mailbox.

If something doesn't feel right, ask.

If you have questions or would like to chat with a security expert, complete the form at the bottom of this page and we will reach out for a discussion on how you can protect your organization.
