Email is one of the easiest and most reliable ways to connect with your clients. And, with the added bonus of allowing you to track your communication, you will never have to guess what your client said when.
But for all of the time management and organizational gains that email provides, it has one major vulnerability. Email is the road into your computer and once someone gets in, they can follow the digital arrows to infiltrate the firm’s entire IT system.
Clicking on a spam email allows hackers and spammers to easily bypass your firm’s security system and get their hands on confidential information – like Social Security and financial account numbers that can be sold on the street. Or they can hold your data ransom until you pay, usually in the form of bitcoins, to have it released. And if this hack does happen, chances are your IT partner will have to restore your lost or corrupted files, and that can only happen if they’ve been properly backed up.
So how do you prevent utter email destruction? Below are several common tactics that spammers and hackers employ. If any of your staff fall for their tricks and open that suspicious email, it will not only cause a major headache with huge downtime, but breach your firm’s security as well.
#1 – No Phishing allowed! One incorrectly identified phishing email is all it takes to infiltrate a business. McAfee conducted a quiz of 30,000 business users in 49 countries. Only 6 percent of the respondents correctly classified all of the emails as legitimate or phishing. 80 percent of all employees fell for at least one phishing email. If you suspect your message is phishing, hit Alt-F4 or upper-right “X” instead of “Cancel” or “Close” to close the email.
#2 – Email FakeOut: If you see an email from someone you know with a message that just doesn’t seem right, it doesn’t necessarily mean they’ve been hacked. But in reality, spoofing email addresses is a very simple hacking trick. Learn how to read message headers and trace IP addresses. In Outlook, you can double-click to select the spam message and open it in a new window to avoid clicking on the email. Click File > Properties to display the Internet headers.
#3 – Solicitors Not Invited: A legitimate company would never send out an unsolicited email asking users for personal information. Likewise, a real company would never send out an unsolicited email asking you to download an attachment. Even if the message looks real, understand that if it’s unsolicited and is asking something of you (or even threatening you), then it’s a scam. If you think there’s a chance the message is from a trusted organization, then you can double-check by calling the company about the email with the phone number from your records, not the one provided in the email. But under no circumstance should you click or download on any attachment found in the email.
#4 – Beware of phony and mismatched URLs: A legitimate email will contain URLs pointing back to the company’s official website, and a trusted website will often have a name that’s straightforward, like http://totalnetworks.com. A hacker may go so far as to make a malicious website using a URL that looks similar, like Total Networks.ComputerVirus.com, so be sure to take a hard look at the URL before clicking on it. When in doubt, type the URL into a search engine. If it’s a scam, then there will be red flags all over the first page of search results.
Also, look to see if the URL displayed in the message matches the actual URL. Hackers will often type a legitimate URL in the message, and then hyperlink their malicious website to it. You can check what the URL really is by hovering over it with your cursor. Depending on which browser you use, you should see the linked URL display on the bottom of the screen. If the address doesn’t match, then it’s likely a scam.
Taking a few extra seconds to vet a suspicious or even wholesome looking email can mean the difference between narrowly missing a cyber attack and full-on email warfare. This precaution will keep your firm’s records safe and save you the headache and expense of having to restore your system back to sound working order. Dave Kinsey