Be LSA Security Savvy – Tip 1: “If you don’t recognise the sender of an e-mail, don’t click on an attached file or link.”

When you’re trying to make your business IT more secure, network firewalls, anti-virus software and mail filtering will only do so much. Staff who can identify and avoid threats are also a very important defence, if not more important than having the latest and greatest security systems in place.

Currently, one of the most common ways machines become infected is via e-mail, and recently LSA Systems have noticed a major increase in threats via e-mail in the form of phishing, spoof and even ‘CEO impersonation’ fraudulent e-mails.

Hopefully by now we can all recognise an obvious spam message, but recently scammers have created fake e-mails that are very convincing at a glance. If you follow these rules, you should be able to identify and isolate the most dangerous e-mails, or at least think twice about opening infected attachments:

• If you don’t recognise the sender, don’t click on any links or open attachments.
• If you do recognise the sender but aren’t expecting that particular message, it’s worth contacting them by phone to confirm they actually sent it.
• If you do need to open an attachment but are asked to enable macros, say no, close the file and go back to the sender.
• If the subject line doesn’t match the message or the e-mail doesn’t make sense (for example, an invoice for something you haven’t bought), then don’t open it.
• If you’re asked to log in to an account or verify something, open a new internet window and log in manually rather than clicking a link.
• If the signature or format doesn’t look right, a message may have been spoofed, so check with the sender before opening anything.

We have also seen other messages that appear to be from somebody within your own business. Even though a message appears to be from your colleague, it could have been spoofed by a scammer. If the signature doesn’t look right, if you’re unsure about the attachment or if the request seems strange, check with them in person or over the phone. At the end of 2015, a lot of social engineering e-mails tried to convince staff to make payments by spoofing the address of a director or manager. This is known as CEO fraud, and although it isn’t technically an IT issue, it is something everybody should be aware of. As with the other e-mail scams and spoofs, if you are unsure, it’s always best to check with the sender in person or over the phone before making any payments, to avoid paying into the wrong account.

If you are still unable to determine the legitimacy of an e-mail, don’t do anything and contact your IT support provider, who will be able to help.

