Right this minute, your business—specifically your staff—are being targeted.
They are likely on the contact lists of hundreds (if not thousands) of well-targeted malware campaigns.
These lists are NOT random—criminals do their due diligence to put together accurate lists of contacts that will be the most likely to give them access to your network. They also target positions in your business that have access to high value information, such as client contacts, social security numbers, credit card info and bank accounts.
With long lists of email addresses, hackers glean information with very precise phishing campaigns.
In addition, malicious spam emails nowadays contain single invisible pixels (gif images) that fingerprint how you or your staff receive email.
If someone opens one of these spam emails, the mail client requests the invisible pixel, transmitting your IP address to the server that hosts that pixel. From that initial information, scammers and hackers will know when you opened the email and from what device (maybe an iPhone or Outlook on your desktop).
Hackers will also know that your email address is valid, that their flavor of spam passes through your spam filter, and that that particular user opens spam emails [NOTE: if your IT Support isn’t updating and monitoring your email spam filtering, they likely aren’t doing enough to protect your business].
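To make the invisible-pixel mechanism concrete from the defender's side, the following added example (not code from this article) scans an email's HTML parts for remote images declared as 0 or 1 pixel in size. The sample message, its domains and the `find_tracking_pixels` name are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# width/height of 0 or 1 pixel declared in an inline style
TINY_CSS = re.compile(r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class _ImgScanner(HTMLParser):
    """Collects remote <img> sources whose declared size is 0 or 1 pixel."""
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        src = a.get("src", "")
        if tag != "img" or urlsplit(src).scheme not in ("http", "https"):
            return  # cid:/data: images are embedded and contact no server
        tiny_attr = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        tiny_css = len(TINY_CSS.findall(a.get("style", ""))) >= 2
        if tiny_attr or tiny_css:
            self.hits.append(src)

def find_tracking_pixels(raw_message):
    """Return the URLs of likely tracking pixels in every text/html part."""
    msg = message_from_string(raw_message, policy=default)
    scanner = _ImgScanner()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scanner.feed(part.get_content())
    return scanner.hits

# Constructed sample message: one embedded logo, one remote 1x1 GIF.
SAMPLE = """\
From: Garden Club <news@hobby-mail.example>
To: judy@yourbusiness.com
Subject: Quick question about your garden
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>What do you grow this time of year?</p>
<img src="cid:logo" width="120" height="40">
<img src="https://track.hobby-mail.example/o.gif?id=CONSTRUCTED-ID" width="1" height="1">
</body></html>
"""
```

Mail clients that block remote images by default prevent this request from being made until the user chooses to load images.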
From a wide net campaign evaluating prospective phishing targets, a spammer will be able to put your users into categories. Categorization of user behaviors allows hackers to target specific user groups with focused and highly penetrating campaigns based on very specific user behaviors.
Many of the emails that hackers use to initially get a feel for your users may seem harmless enough. Many may be related to hobbies or vague questions. You likely won’t see a threatening email or one initially getting you to click on a link (that will come once they understand your or your users’ triggers).
Designing a compelling phishing email
Once they’re armed with tidbits of valuable user information—how and when your user opens email and what type of spam passes through your network undetected—hackers will start crafting compelling emails targeted at your specific user audiences.
They will identify key players. Don’t think that an initial email recon mission that identifies easy targets would be the end of a hacker’s phishing strategy.
Hackers will do research on social media—LinkedIn and Facebook—to evaluate how they can leverage their targets. They will determine how to communicate with those targets and identify strategies to get your target users to click on a link or do some action that will get them into your network to steal information, compromise your servers for their use in expanding their attacks or ransom your data.
More often than not, phishing emails will get users to click on a link that will take them to an infected website. At that point, their workstation will get infected. And, based on the sophistication of recent attacks, that attack could spread throughout your entire network.
How can your users identify phishing emails?
Sender demands confidential information—one golden rule in email communication is to not email sensitive information. If you or your staff aren’t expecting to hear from the sender to follow up in getting specific information, err on the skeptical side. If you know the person requesting the information, call them before giving anything out. If you do not know the sender, ignore the request and consider the email a phishing attempt.
Suspicious FROM address—while you may recognize the sender’s name—it may be from Judy in accounting or from your boss—look closely at the actual address sending the email. It likely won’t look quite right. For instance, instead of using an address like @yourbusiness.com, scammers will often send email from similar, yet very suspicious domains, such as @yourbusiness-x.com. If you’re not careful and don’t pay close attention to the FROM address, you could easily be duped!
It is critical that your staff always check the FROM address and only reply to email addresses that they trust, to avoid leaking confidential information.
Your immediate action needed—many scammers successfully instill fear in their targets by communicating immediate urgency. “Your account has been compromised”, “Your account has been locked”, “Immediate action required” are very common subject lines. The criminal’s intent is to fluster you and your staff into taking irrational action. Before reacting to such emails, take a minute to pause and ask whether the email looks legitimate, whether it makes sense, and whether the information you are handing over could compromise you, your team or your business.
Embedded links to strange websites—unless you reply directly to a phishing email with personal information or credit card info, the most likely action scammers will want you to take is clicking on an embedded link within an email. Most often that link will take you to a site that resembles the legitimate site (both URL and page appearance), but many times something will be wrong with it.
The best rule of thumb: copy links into your browser. Many times, embedded links can be masked. Even if the link looks legitimate, you may be rerouted to a malicious site that can infect your computer (or your entire network!).
Poor grammar and spelling—while scammers are getting better at mastering American English (specifically how we speak and write in and around Philadelphia), many scammers are successful enough that they resort to poorly composed email. A strangely worded or poorly written email is likely NOT one sent in good will. Any emails with bad grammar or spelling should be avoided.
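The FROM-address and masked-link checks above can also be automated at the mail gateway or in a reporting tool. This added example (not code from this article) classifies a sender domain against a trusted list and reports links whose visible text names a different host than the real destination; the function names, the 0.85 similarity threshold and the sample HTML are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def classify_sender(from_header, trusted):
    """Return 'trusted', 'lookalike' or 'external' for the FROM address domain."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in trusted:
        return "trusted"
    for good in trusted:
        # Same first label embedded in another domain, or a near-identical spelling.
        if good.split(".")[0] in domain or SequenceMatcher(None, domain, good).ratio() >= 0.85:
            return "lookalike"
    return "external"

class _LinkScanner(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.links = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None

HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
def masked_links(html):
    """Return (shown_host, real_host) where the link text names a different host than href."""
    scanner = _LinkScanner()
    scanner.feed(html)
    found = []
    for href, text in scanner.links:
        shown = HOST_IN_TEXT.search(text)
        real = (urlsplit(href).hostname or "").lower()
        if shown and real and shown.group(1).lower() != real:
            found.append((shown.group(1).lower(), real))
    return found

# Constructed sample: the first link's text shows the real domain, its href does not.
SAMPLE_HTML = ('<a href="https://portal.yourbusiness-x.com/login">https://portal.yourbusiness.com/login</a>'
               '<a href="https://portal.yourbusiness.com/help">Help center</a>')
```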
IN ALL SERIOUSNESS. Hackers are getting much better at how they target your business and your users. Evaluating your IT Security—both policies and procedures, but also how your IT Support team interacts, informs and engages users in keeping your business secure—is critical to preventing harmful (often costly!) ransomware, data leaks and attacks on your business, clients and staff.
If you’re at all concerned with your business security, contact us TODAY for a FREE security roadmap meeting to evaluate how to keep your business safe.