Spam emails, phishing emails, and emails that contain malicious content are nothing new. These types of messages have been an ongoing source of trouble for businesses and individuals alike for a very long time, and won’t be going away anytime soon. However, we’ve noticed recently that there seem to be even more of these potentially harmful emails making the rounds than usual, and that’s a cause for concern.
This substantial increase in malicious messages is creating real problems for targeted businesses. While the bulk of these emails are being successfully caught by spam filters and other network security measures, the sheer number of emails being sent out has made the odds of something managing to slip past your business’ defenses higher than normal. This doesn’t mean that your technology or your technology partner aren’t doing what you need them to be doing, it simply means that statistically speaking, there is a good chance a threat may find its way into your inbox regardless.
Spam filters are constantly updated, with the signatures of known threats being added to your filter’s database in order to make sure they’re recognized and stopped. As more signatures are added, fewer of these messages will be able to reach you and your employees. Your spam filter is doing most of the hard work for you, but the current high volume of threats serves as a great reminder that you should always be on the lookout for suspicious email.
For business owners, staying a step ahead of a potential infection, intrusion, or scam means making a point of learning the basics of how to spot spam and phishing attempts and training your staff to do the same. For employees, it means taking cyber security training seriously and actively applying what you know about how cybercriminals operate to your daily tasks.
There are a few common characteristics malicious emails share that make them easy to pick out once you know what you should be looking for. Spam and phishing red flags include:
- Overly-urgent or threatening-sounding subject lines
- Generic salutations (messages that aren’t addressed to a specific recipient)
- Spelling mistakes or grammatical errors that indicate a poor grasp of the English language
- Attachments that you were not expecting to receive
- Embedded links that don’t match the hyperlink text
- The sender indicating that their request needs to be met within a very short timeframe and/or implying that there will be consequences if you fail to act on their request
- The message seemingly coming from a familiar sender, but from an unfamiliar email address
- The message containing a request that wouldn’t normally be sent to that recipient
- The sender requesting sensitive information that normally wouldn’t be shared through email
It’s always a good idea to use caution when opening any attachment or clicking on any links sent to you through email. If anything about a message you receive seems even the slightest bit suspicious, take a moment to read the message over closely. You should never hesitate to follow up with the sender or check with a supervisor before acting on an email that just doesn’t feel right. Taking a few extra minutes to respond won’t cause any harm, but opening an attachment that contains malware certainly will.
If you’re trying to verify the contents of a strange-seeming email, it’s important to remember not to use the contact information provided in the email to follow up. Even if the phone number in a signature line looks right, take the time to pull up a company contact sheet or internal database, especially if it’s for someone you don’t normally have contact with. That way, you know for sure you’ll be speaking to the right person.
One of the major weak points in the human component of many businesses’ cyber security policies is a reluctance for employees to raise concerns with management or supervisors for fear of being told they’re wasting time. Employees should feel comfortable asking questions, even if they seem like “dumb” questions. Following up on an odd request or double-checking that the files they’ve just been sent came from the person they’re supposed to have come from can spare your business a ton of lost productivity, and protect critical data from corruption or theft.
Discussing cyber security training with your IT provider is a great way to make sure you have access to the latest information and the resources you need to educate your team effectively. It’s important to remember that just like technology itself, threats leveled at your technology can change and evolve quickly. Routinely sharing updated information and retraining your employees on important cyber security skills is crucial.
Want to learn more about the steps you can take to keep your staff educated and your business secure? Contact Alltek Holdings at firstname.lastname@example.org or (770) 949 today. We’re the cyber security experts businesses in Atlanta trust. -9468