Malicious email attacks continue to be a common security threat to individuals and businesses, with small businesses being targeted most often.

Email messages asking recipients to click on unknown links or attachments are especially dangerous because the sender oftentimes impersonates a leader or another member of your organization.  Common requests can include:

• Making a financial payment
• Altering the bank account information of a vendor, client, or another team member
• Purchasing gift cards 
• Resetting your passwords
  

To prevent intrusion and thousands of dollars in recovery costs, we’ve put together some best practices for you to share with your teams, family, and friends as these types of attacks become more common.  

Security Tips to Avoid an Attack

1. Never open links from unknown senders.
2. Never disclose sensitive information over the telephone.
3. Do not make any requested purchases, money transfers, or banking account changes without personally verifying the request with the sender. This should be done via telephone or an in-person conversation.  
4. Never input a username or a password unless you’re 100% sure of the requester’s legitimacy.
5. Never download attachments from unknown senders.
6. Always use long, complicated and unique passwords.
7. Change passwords routinely.
8. Never include personal information in your password.
9. Never write down a password.
10. Only keep emails in your inbox as needed.  Delete any unnecessary emails that may contain sensitive information.
11. Ask us about implementing multi-factor authentication on your e-mail system.
12. Back up your data regularly.

 

4 Ways to Spot a Phishing Email

1. Remember, most phishing emails are carefully crafted to appear like it is from someone you know, so it is essential that you verify any requests.
2. Look for some sort of financial transfer or purchase that is oftentimes requested. 
3. Alternatively, a change to a financial account may be requested.  
4. The e-mail may use aggressive language to indicate that this is an urgent and confidential request.  

 

Common Types of Indicators

It is important to keep an eye out for these types of indicators when scanning emails from unknown senders.

1. Vague subject lines
2. Improper use of grammar
3. Lack of personalization, (i.e. “Hi User”)
4. Lack of details with specific requests for action
5. Unfamiliar file names
6. Email signature different from sender’s email address
   

 

Take the Online Phishing Quiz

If you feel unsure about what to look for, SonicWall’s Phishing IQ test (only seven questions long) is a great way to familiarize yourself and test your ability to identify malicious emails.  

Continue to follow us as we uncover the latest developments in data protection, enterprise email security, and boosting productivity.

You can also find us on LinkedIn at Concept Technology Inc., Facebook at @concepttechnologyinc, and check in for Nashville’s latest happenings on Twitter at @ConceptTechInc.