SpireTech Blog - Tag: Phishing
Avoid phishing emails by reading these posts.
Our service desk always gets a lot of questions about whether or not an email is legitimate. If you suspect an email is not legitimate, it probably is not – usually your gut instinct is correct here. 95% of the time the email is not legitimate. You can refer to our earlier 3-minute instructional video on the subject here:
Some of the recent scams that we’ve seen are:
- Fake invoice emails, sometimes with attachments, sometimes claiming a bill is past due
- A real secure email (like you would get from a bank or secure email sending service) that contained spam inside it, sent from a hijacked account
- Fake DocuSign emails with an HTML attachment
Many of these emails are easily detected using the techniques outlined in our educational 3-minute video contained in the link above, which includes:
- Instructions on how to examine the sender email
- How to inspect links for validity
Spammers are lazy, and these simple techniques will allow you to hit the delete button on the majority of these emails. Please watch the video, and if you aren’t sure about an email, always send it to us for an opinion. Read more...
Getting a lot of annoying spam in your email? Here’s a quick guide on how to report spam in Microsoft 365.
For customers using Office 365’s built-in junk mail filter, there is an Outlook plugin you can install to report spam that gets past Microsoft’s filters and move it to your junk mail folder. This article may not apply to you if you are using an external spam filter, like SpireTech’s junk mail filter.
A lot of clients forward us spam, but there isn’t much we can do about it – using this tool is the best way to improve the filtering. If you have questions about whether an email is legitimate or require other advice, please send it to us – but otherwise, we’re recommending clients use the “Report Message” plugin to send spam to Microsoft if you aren’t using an external spam filtering service.
Please watch the video to learn how to install and use the tool. Read more...
At SpireTech, our managed services clients often contact the helpdesk to determine if an email is fake or not. We thought it’d be helpful to put together a short instructional video to help you identify some common signs that an email is a phish or fake email.
While this doesn’t cover all the possibilities, we think it hits on the most common ones. Another thing we’re seeing occasionally is a real, targeted email to a client purporting to be from an owner of the company or a vendor. Always pick up the phone if there’s any question on the validity of an email, and contact our service desk if you need help!
used with permission from FTC.gov, by Colleen Tressler
Phishing is when someone uses fake emails or texts to get you to share valuable personal information – like account numbers, Social Security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity, or both. They also use phishing emails to get access to your computer or network. If you click on a link, they can install ransomware or other programs that can lock you out of your data.
Scammers often use familiar company names or pretend to be someone you know. Here’s a real world example featuring Netflix. Police in Ohio shared a screenshot of a phishing email designed to steal personal information. The email claims the user’s account is on hold because Netflix is “having some trouble with your current billing information” and invites the user to click on a link to update their payment method. Read more...
Think about this scenario: A friend tells you that they received a message from your email address that wasn’t really sent from you. They think you’ve been hacked and your account is sending malicious emails to friends. How do you know if your email account has been compromised, or if this malicious attempt is just spoofing your email address?
Email “spoofing” means that an attacker is impersonating you by pretending to send an email from your account. The recipient of the email will see your email… but if you dig deeper into the email message’s contents, you can often see whether the email was truly sent from your account or only made to appear so.
This type of impersonation is possible because email messages can show a difference between “display” information and the actual information embedded in what’s called the “email header”. Spoofing is an attempt to forge the email header, taking advantage of email protocols’ lack of authentication. Read more...
used with permission from Tektonika (HP), by Karen Gilleland
“Gimme the dough—or you’ll never see your files again!” In this scenario, the thug in the mask is ransomware, and it’s only one of the ways cybercriminals attack businesses—which are often left vulnerable due to poor business security or cybersecurity practices. Alongside the devastating effects cyber attacks can have on individuals, cybercriminals are sucking billions of dollars out of the economy, and you do not want your business in that position.
Toward the end of 2017, the US government passed H.R.2105, a law aimed at helping businesses beef up their cybersecurity by providing guidelines about effective tools and strategies to combat the rise of cybercrime. The National Institute of Standards and Technology (NIST) has been charged with developing a comprehensive set of guidelines by October 2018, but what can you do while waiting around for that to happen? Start firming up your IT environment with the following tips, of course. Read more...
used with permission from FTC.gov, by Cristina Miranda
It’s enough to send shivers down anyone’s spine, but these chilling words are part of a new scam targeting men.
Here’s how it works. Scammers have been sending letters to men, demanding payments using bitcoin in exchange for keeping quiet about alleged affairs. The letter also explains how to use bitcoin to make the payment.
This is a criminal extortion attempt to separate people from their money.
If you — or someone you know — gets a letter like this, report it immediately to your local police, and the FBI.
Threats, intimidation and high-pressure tactics are classic signs of a scam. Learn how to stay ahead of clever crooks with these practical tips, and check out the ways you can keep your personal information secure.
used with permission from Tektonika (HP)
Information security breaches are becoming so commonplace, they’re seen as the cost of doing business—but they don’t have to be. Promoting internet safety and device security isn’t as hard as it might seem. By making small changes to online behavior, IT professionals and users can do a lot to keep their business safe. And the first way you can start is:
Stop using passwords
Wait, what? You read that right: The National Institute of Standards and Technology (NIST) recently came out with new guidance on password best practices. According to Mike Garcia, former director of NIST’s Trusted Identities Group, the gist of these guidelines is, “Simply put: Use passphrases, not passwords.”
This is great news for any users who spend a lot of time in “Forgot Your Password?” purgatory. For years, the advice for keeping passwords hacker-proof was to make them more complicated. But that made them user-proof, too. Read more...
As some of you may already be aware, there has been a large-scale email phishing attack that impersonates a Google Docs request. Although it may appear that the email requests are coming from a known sender or domain, they are using techniques to spoof those addresses. These emails contain hyperlinks or files that contain Trojans, worms, or other malicious executable files that can hijack your system and potentially your network if they go unnoticed. Please take extra care to watch for any emails you receive that might have a subject line “You have received a new document from email@example.com” with a sender of “Google Documents”, or an unknown sender. If you do receive any emails that match this description, do not open any attachments or follow any links. If you have any concerns or questions, please reach out to our support team.
used with permission from HP Technology at Work
Is your company’s email providing a tempting route for cyber criminals to attack your business? Hackers continue to target businesses with phishing attacks. Once opened, these malicious email messages can hijack an entire company’s financial information and gain access to funds and personal information. Email is a business essential, but also an easy avenue for hackers to use and abuse. How can you keep your business secure?
The human factor
Businesses of all sizes face vulnerabilities via email. When email accounts are hacked and compromised, cyber criminals can gain access to information including user names, telephone numbers, birthdates, passwords, and unencrypted security questions.
Email is a common entry point for hackers because it’s an easy way to exploit the weak link in cybersecurity policies: humans. Employees rushing through their emails can easily click on a malicious link. No wonder that a recent survey reveals some 90% of cyber attacks initiate with email. Read more...