John Podesta fell for a phishing attack, which led to the release of a decade’s worth of emails. The hacker posed as Google and alerted Podesta to change his password because of suspicious activity on his account. By clicking on the link within the email, hackers were granted full access to his inbox.
Situations like this happen to businesses of all sizes, and the rate of these cyber attacks is only increasing. People are tricked into giving hackers information because they are not aware of the warning signs to look out for. However, here is a list of seven red flags to look out for.
- 1. “From” Line
The first thing to pay attention to is the address you are receiving the email from. Pay close attention to the sender because the person may appear to be someone you know but in reality, it could be a spoof. Hackers know that people are more likely to trust an email from someone they can recognize, which is why they make the email address appear to be from an existing contact. Let’s look at a quick example of this.
Notice that an “l” is missing from “wellsfargo” in the spoofed email, therefore it appears legitimate but the domain is not accurate.
- 2. “To” Line
Sometimes, the hacker will send an email to many different people. If you do not personally know the other people in the “to” line or you are being cc’d on a strange email, that should be a red flag. This is the second aspect of an email to pay attention to in order to detect email fraud and prevent email hacking.
- 3. Hyperlinks
Always be cautious of clicking on embedded links within an email unless you are sure it is from a trusted source. Before you click on a link, you can hover over it with your mouse to see the destination URL before you click on it. If the URL does not match what the text says, it’s not a good idea to click on the hyperlink.
- 4. Time
Consider the time you receive an email and compare it with the normal time you receive similar emails. Do you generally get an email from the CEO of your company at 2 a.m.? If not, this is an indication of a potentially spoofed email.
The same goes for the specific time of year. Be extra cautious around holiday or tax season, as cybercriminals typically increase phishing attempts when financial information is being shared or online shopping is heightened.
- 5. Attachments
Attachments may seem harmless, but some can contain malicious viruses or another form of malware. So, as a rule of thumb, do not open attachments that you are not expecting. If a sender does not normally send you attachments, this is a sign that it could be a fraudulent email. In addition, if the attachment has a strange file type such as .exe or a duplicate file type such as .xls.xls you should not download or open it.
- 6. Subject
Phishing attempts usually try to trick you with scare tactics or immediate action. If the subject line seems fishy, such as “Need wire transfer now” or “Change password immediately”, validate the source before you take any action. The subject may also be irrelevant or not on topic with the rest of the email content, which can be another red flag.
- 7. Content
The sender may be urging you to update your information or change your password in order to avoid a consequence, which instills fear and prompts action. This is another method to look out for as hackers use this to trick you. In addition, if the grammar or spelling are incorrect and the email seems out of the ordinary, confirm the legitimacy before you click on links or download any files.
So there you have it, seven simple red flags to look out for when examining an email. Never click on links, download files, or transfer money unless you are sure the email is legitimate. We recommend a two-step verification process to establish validity. For example, if you receive an email from your CEO requesting a wire transfer, we recommend you also confirm via phone or in person. This two-step verification process validates the sender through multiple mediums, which helps avoid falling for scams.
It is important for all businesses to take email hacking seriously. Hackers attack corporations and individuals, so understanding social engineering methods is crucial in addition to having proper spam filters and firewalls installed. Lack of employee education is what makes it difficult for MSPs to properly secure an environment. However, you can use these tips to educate employees both within your company as well as the companies you service to reduce the risks of a cyber attack.
IA Staff. (2017, May 15) 7 Red Flags MSPs Should Identify to Reduce Cyber Attacks [Blog Post]. Retrieved from https://industryanalysts.com/51517_continuum/
Secure Your Business With DCNC Inc.’s Complete Care Package All Colorado area businesses deserve to have their virtual information and data systems protected, during both...
Migrating to O365 has numerous benefits. Read this whole article to learn about the most important ones and then visit DCNC to learn more.
We all know how expensive software licensing is. The old adages, "there is no such thing as a free lunch" and "if it seems too good to be true, it probably is" ring true, now more than ever. It's always tempting to find a "free" version of expensive software or...
Windows 10 was built to do just about everything for everyone--at least that's Microsoft's goal. Click here to download these tips & Tricks.... [pdf-embedder...
Businesses face significant financial loss when a cyber attack occurs. In 2019, the U.S. business sector had 17% increase in data breaches: 1,473 breaches.1 Cybercriminals often rely on human error—employees failing to install software patches or clicking on malicious...
More and more of our home devices—including thermostats, door locks, coffee machines, and smoke alarms—are now connected to the Internet. This enables us to control our devices on our smartphones, no matter our location, which in turn can save us time and money while...
The Internet touches almost all aspects of our daily lives. We are able to shop, bank, connect with family and friends, and handle our medical records all online. These activities require you to provide personally identifiable information (PII) such as your name, date...
Many business owners using Office 365 believe that their data is totally secure. The reality, however, is a different story. Although Microsoft offers many benefits in productivity, efficiency, and collaboration with Office 365, the company doesn’t provide users...
“Efficient and got me working again quickly.” “Fast and efficient” “Very helpful” These are just a few of the things clients are saying about one of our newest field technicians, Tricia Farnsworth. Tricia joined the DCNC family in December and hit the ground running....
Phishing tactics exists for one purpose: to get confidential information from an unsuspecting target to get something of value in return. However, knowing about the hugely diverse set of today’s phishing tactics can help ordinary people, home and business internet...
We Are Here To Help!
7100 Broadway #1B
Denver, CO. 80221