John Podesta fell for a phishing attack, which led to the release of a decade’s worth of emails. The hacker posed as Google and told Podesta to change his password because of suspicious activity on his account. When he clicked on the link within the email, hackers were granted full access to his inbox.
Situations like this happen to businesses of all sizes, and the rate of these cyber attacks is only increasing. People are tricked into giving hackers information because they are not aware of the warning signs. Here is a list of seven red flags to look out for.
- 1. “From” Line
The first thing to pay attention to is the address you are receiving the email from. Pay close attention to the sender because the person may appear to be someone you know but in reality, it could be a spoof. Hackers know that people are more likely to trust an email from someone they can recognize, which is why they make the email address appear to be from an existing contact. Let’s look at a quick example of this.
Notice that an “l” is missing from “wellsfargo” in the spoofed email: it appears legitimate, but the domain is not accurate.
- 2. “To” Line
Sometimes, the hacker will send an email to many different people. If you do not personally know the other people in the “to” line or you are being cc’d on a strange email, that should be a red flag. This is the second aspect of an email to pay attention to in order to detect email fraud and prevent email hacking.
- 3. Hyperlinks
Always be cautious of clicking on embedded links within an email unless you are sure it is from a trusted source. Before you click on a link, hover over it with your mouse to see the destination URL. If the URL does not match what the text says, it’s not a good idea to click on the hyperlink.
- 4. Time
Consider the time you receive an email and compare it with the normal time you receive similar emails. Do you generally get an email from the CEO of your company at 2 a.m.? If not, this is an indication of a potentially spoofed email.
The same goes for the specific time of year. Be extra cautious around holiday or tax season, as cybercriminals typically increase phishing attempts when financial information is being shared or online shopping is heightened.
- 5. Attachments
Attachments may seem harmless, but some can contain malicious viruses or another form of malware. So, as a rule of thumb, do not open attachments that you are not expecting. If a sender does not normally send you attachments, this is a sign that it could be a fraudulent email. In addition, if the attachment has a strange file type such as .exe or a duplicate file type such as .xls.xls, you should not download or open it.
- 6. Subject
Phishing attempts usually try to trick you with scare tactics or demands for immediate action. If the subject line seems fishy, such as “Need wire transfer now” or “Change password immediately”, validate the source before you take any action. The subject may also be irrelevant or not on topic with the rest of the email content, which can be another red flag.
- 7. Content
The sender may be urging you to update your information or change your password in order to avoid a consequence, which instills fear and prompts action. Look out for this method, as hackers use it to trick you. In addition, if the grammar or spelling is incorrect and the email seems out of the ordinary, confirm the legitimacy before you click on links or download any files.
So there you have it, seven simple red flags to look out for when examining an email. Never click on links, download files, or transfer money unless you are sure the email is legitimate. We recommend a two-step verification process to establish validity. For example, if you receive an email from your CEO requesting a wire transfer, we recommend you also confirm via phone or in person. This two-step verification process validates the sender through multiple mediums, which helps avoid falling for scams.
It is important for all businesses to take email hacking seriously. Hackers attack corporations and individuals, so understanding social engineering methods is crucial in addition to having proper spam filters and firewalls installed. Lack of employee education is what makes it difficult for MSPs to properly secure an environment. However, you can use these tips to educate employees both within your company as well as the companies you service to reduce the risks of a cyber attack.
IA Staff. (2017, May 15) 7 Red Flags MSPs Should Identify to Reduce Cyber Attacks [Blog Post]. Retrieved from https://industryanalysts.com/51517_continuum/