Employees are often on the front line when it comes to keeping enterprises safe from cyberattacks. In a quickly evolving digital landscape, cybersecurity threats are keeping pace with enterprise security measures, and cyber criminals are developing more sophisticated hacking methods.
With the worldwide cost of cybercrime damages expected to hit $6 trillion by 2021, and 90% of cyberattacks being delivered by email, it’s never been more important for employees to be aware of, and vigilant about, the cybersecurity risks posed by fraudulent emails.
Types of email-based cybersecurity attacks that are on the rise:
In a phishing attack, hackers impersonate a real company to obtain your login credentials. You may receive an email asking you to verify your account details, with a link that takes you to an impostor login screen that delivers your information directly to the attackers.
Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to your company in the email to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
Whaling is another phishing tactic aimed at “reeling in the big fish”. Using spear phishing tactics to target high-level executives or others in powerful positions or job titles, the hackers hope to gain access to a company’s most sensitive and valuable data like intellectual property, financial data or customer information.
Similar to phishing, hackers will impersonate your CEO. You may receive a seemingly urgent email asking for corporate credit card information, a wire transfer, or corporate financial information. Cyber criminals may use social media to see when a CEO is at a conference or learn enough about the CEO to impersonate them.
Shared Document Phishing
You may receive an email that appears to come from a file-sharing site like SharePoint, alerting you that a document has been shared with you. The link provided in these emails will take you to a fake login page that mimics the real one and steals your account credentials.
8 Tips to Reduce Risk: What you can do
- If asked for sensitive company information or if asked to carry out a financial transaction (wire transfers, purchases) on behalf of the CEO, verify with the sender through a phone call or in-person conversation.
- Do not click on links or open attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
- Do not provide sensitive personal information (like usernames and passwords) over email.
- Watch for email senders that use suspicious or misleading domain names.
- Inspect URLs carefully to make sure they’re legitimate and not impostor sites.
- Do not try to open any shared document that you’re not expecting to receive.
- If you can’t tell if an email is legitimate or not, contact your company’s IT department.
- Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
An ounce of prevention
Not all cyberattacks can be avoided, but consistent communication from the IT department reminding employees of potential email threats can go a long way in reducing cyberattack risk to your company.
Dynamic provides solutions to mitigate cybersecurity risks, so your internal IT team can stay focused on innovation and business goals. Contact us today to get started. Call 866-399-1084 or email us at firstname.lastname@example.org.