As a Managed Services Provider, we compile and analyze previous data breaches and train individuals like you on best practices to avoid causing the next one.
If there’s anything we’ve learned, it’s that anyone can make a mistake. We’re all human! But the reality is, even small mistakes can lead to significant security incidents. The good thing is, many of these miscues can be avoided – and you don’t need to be an expert to prevent them!
With a proper understanding of cybersecurity risks and best practices, a level head, and a pinch of skepticism, you can effectively protect yourself and not end up as our next case study.
The most common cyberattacks happen by email. If you receive a suspicious email from your boss or co-worker, your phishing senses should be tingling. A few things usually stand out and should give you pause:
- A sense of urgency jumping off the screen;
- A request to purchase gift cards.
You should be instantly suspicious of such emails, and you should not reply to them. Replying seems harmless, but it triggers a series of events that leads to the next target in your organization. When you reply to a phishing email, you let the cybercriminal know that your email address is valid and being monitored, and that the email they sent reached you without being caught by any firewall or spam filter.
Such an incident is called a BEC (Business Email Compromise) scam and is becoming very common. BEC scams can be very difficult to spot because they are designed to look like they’re coming from someone you know and trust, typically your supervisor or co-worker.
These scams are so effective because cybercriminals do their homework on your organization and even your specific job duties. With easy-to-find public information on social media sites, company webpages, and business networking sites, a clever cybercriminal can craft a compelling message that is more likely to result in success.
BEC scams and phishing can be difficult to spot and prevent, but you can take steps to protect your data. One of them is using the SLAM method to verify an email's legitimacy.
SLAM stands for Sender, Links, Attachments, and Message. These four factors should all be analyzed to help you make the right decision on how to act if you receive an unusual email.
- Sender – check the sender address closely for small deceptive changes and verify that this request is something this person would typically ask of you.
- Links – a link could download malware or take you to a fake website that tricks you into providing personal information such as your login credentials. Always hover over the link without clicking on it to verify where it is taking you.
- Attachments – be wary of attachments, because opening them could put a virus, spyware, or ransomware on your device or your company's network. Do not open them unless you are confident they are safe.
- Message – check the message for anything that seems off to you; watch out for a sense of urgency, an unusual request, misspellings, and generic greetings. Think about how the message is phrased and what is being asked of you. Be skeptical of content that seems too good to be true or doesn't fit the persona of the person it appears to be sent from.
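The four SLAM checks above are a manual checklist, but each one can also be automated as a first-pass triage before a message reaches a person. The script below is an added example written for this page, not code from the original post or from the provider that wrote it. It parses one RFC 5322 message and reports findings per SLAM category: a sender domain within two edits of a trusted domain, a colleague's display name on an external address, a Reply-To pointing at a different domain, a link whose visible text names one host while its href goes to another, executable and double-extension attachments, and urgency wording, gift-card requests and generic greetings in the body. `TRUSTED_DOMAINS`, `KNOWN_STAFF`, the word lists, the `.test` domains and the sample message are all constructed assumptions, not real data.

```python
# Added example, not from the original post: automated triage of one message with the SLAM checks.
# TRUSTED_DOMAINS, KNOWN_STAFF, the word lists and the sample email below are constructed assumptions.
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import urlparse
TRUSTED_DOMAINS = {"example.com"}   # the organisation's own mail domains (assumption)
KNOWN_STAFF = {"jane doe"}          # display names of colleagues, lower-cased (assumption)
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".docm", ".xlsm"}
URGENCY_WORDS = ("urgent", "immediately", "asap", "right away", "before end of day")
GENERIC_GREETINGS = ("dear customer", "dear user", "hi,", "hello,")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a trusted domain within two edits is a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs: the 'hover before you click' check, automated."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url: str) -> str:
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def slam_check(raw: str) -> dict:
    """Findings per SLAM category for one RFC 5322 message; all lists empty means nothing stood out."""
    msg = message_from_string(raw, policy=policy.default)
    f = {"sender": [], "links": [], "attachments": [], "message": []}
    # Sender: look-alike domain, a colleague's name on an external address, Reply-To pointing elsewhere
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rsplit("@", 1)[-1].lower()
    if domain not in TRUSTED_DOMAINS:
        f["sender"] += [f"look-alike domain {domain} ~ {t}" for t in TRUSTED_DOMAINS
                        if edit_distance(domain, t) <= 2]
        if name.lower() in KNOWN_STAFF:
            f["sender"].append(f"colleague name {name!r} on external address {addr}")
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != domain:
        f["sender"].append(f"Reply-To {reply_to} differs from the From domain")
    # Collect text bodies and attachment file names from every MIME part
    texts, names = [], []
    for part in msg.walk():
        if part.get_filename():
            names.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            texts.append((part.get_content_subtype(), part.get_content()))
    # Links: visible text that looks like a URL but resolves to a different host than the href
    lc = LinkCollector()
    lc.feed("".join(doc for sub, doc in texts if sub == "html"))
    for href, text in lc.links:
        if "." in text and " " not in text and host_of(text) != host_of(href):
            f["links"].append(f"text shows {host_of(text)} but goes to {host_of(href)}")
    # Attachments: executable types and double extensions such as invoice.pdf.exe
    for fname in names:
        suffixes = [s.lower() for s in PurePosixPath(fname).suffixes]
        if suffixes and suffixes[-1] in RISKY_EXTENSIONS:
            f["attachments"].append(f"{fname}: executable type {suffixes[-1]}")
        if len(suffixes) > 1:
            f["attachments"].append(f"{fname}: double extension")
    # Message: urgency, gift-card request, generic greeting
    body = "\n".join(doc for _, doc in texts).lower()
    f["message"] += [f"urgency: {w!r}" for w in URGENCY_WORDS if w in body]
    if "gift card" in body:
        f["message"].append("gift-card request")
    if body.lstrip().startswith(GENERIC_GREETINGS):
        f["message"].append("generic greeting")
    return f

def build_sample() -> str:
    """Constructed BEC-style message that trips every SLAM check (not a real capture)."""
    m = EmailMessage()
    m["From"] = "Jane Doe <jane.doe@examp1e.com>"   # digit 1 in place of the letter l
    m["Reply-To"] = "jane.doe.office@mail-free.test"
    m.set_content("Hi,\nI need gift cards for a client immediately. I'm in a meeting, "
                  "so just email me the codes.")
    m.add_alternative('<p>Hi,</p><p>Order at <a href="http://pay.examp1e-secure.test/">'
                      'https://intranet.example.com/vendors</a> immediately.</p>', subtype="html")
    m.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                     filename="invoice.pdf.exe")
    return m.as_string()
```

Calling `slam_check(build_sample())` returns a non-empty list for every category, while a plain internal note from a trusted domain returns four empty lists. The checks deliberately mirror the human checklist rather than replace it: a look-alike domain one character off, a display name that belongs to a colleague, and a link whose text and destination disagree are exactly the details a reader is asked to notice, and an automated pass simply surfaces them before the reader has to.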
Additional tips
- Don't respond to a spam email. This tells the scammer that your email address is valid, putting you and your co-workers at risk of increased phishing attempts.
- A request to purchase gift cards is a common tactic used by scammers because gift cards are difficult to trace.
- If you do fall victim to a phishing attack or a BEC scam, don't keep it to yourself; inform your supervisor or IT immediately to help limit the damage.