In the tech industry today, even the most reliable tools can be used against you. Five Nines has recently discovered phishing attempts that are in the form of an Office 365 verification email. Wouldn’t you be enticed to click on the links in this email?
Unfortunately, just because it is Office 365, and just because many Office 365 tools are hosted online, does not mean it is any safer. When it comes to cybercrime, you must have a healthy paranoia about everything. Anything is open game.
WHAT TO LOOK FOR
A lot of these phishing attempts happen through email, mobile messages, or unprotected webpages. Here are a few quick tips we recommend:
- Double check the sender’s email address, is it from a suspicious domain? Are there any tiny grammatical errors? (EX. micorsoft-support.com)
- Why is the sender asking you to click on a link? Is it to avoid negative consequence or to gain something of value? Think twice about whether it’s a link you should be clicking on.
- Did you receive the email at an unusual time that is not during business hours?
- Are there misspellings in hyperlinks?
- Does the attachment in the email relate to the content of the message?
Keep in mind, phishing attempts may be in the form of reputable organizations and programs, such as Microsoft and their Office 365 software. For consistent FBI updates on current cybercrime schemes, click here.
WHAT TO DO ABOUT IT
There are a couple of important components that must be put into place to keep your organization protected from clever cybercrime tactics. First, the antivirus you use is very crucial in protecting your business. Five Nines utilizes Cylance, if you don’t know a lot about this antivirus Five Nines just hosted a Cylance webinar, download it here.
Antivirus aside, one of the more impactful solutions to prepare for potential cybercrime attempts like the one above is user training and awareness implementation. Five Nines believes giving users the confidence to navigate their devices with the knowledge to identify real threats plays a huge role in fighting against cybercrime. It only takes one wrong click to cause a breach in your IT environment.
Situational training is very helpful, as it provides real scenarios of actual phishing attempts and puts your employees to the test to see if they can identify these attempts themselves. Giving your teams the right tools they need to not only be efficient and productive, but also aware and alert will give your IT environment a significant advantage.
If you’d like to see examples of how Five Nines implements user training, click here for our free Gone Phishing webinar recording.
AN ONGOING PHENOMENON
Cyber crime and phishing attempts will not be going away anytime soon, in fact this phenomenon is predicted to get worse each year. It’s a threat everyone needs to be aware of and prepared for.
According to Cybersecurity Ventures, cybercrime is currently the greatest threat to every company in the world. By 2021, cybercrime is predicted to cost the world up to $6 trillion on an annual basis. These costs derive from destruction of data to productivity loss to the restoration of hacked data systems.
The statistics are scary and intimidating, but you don’t have to fight cybercrime alone. Avoid having someone on your team click on something like the email above by implementing user training within your organization.
Five Nines offers user awareness training to make sure all teams are prepared for the possibilities of phishing attacks and other cybercrime initiatives. If this is of interest to you, click the button below and we will start the conversation about how to train your team.
Cybercrime is growing, but so are protective measures. Take action and prioritize cybercrime prevention to avoid being part of the statistics.
We'd like to throw a quick statistic your way. According to the security awareness training platform KnowBe4, 91% of successful data breaches start with a Spear Phishing Attack. Why is this significant? This number proves that end-users are the vulnerability when it comes to IT security.
Now that we have gotten your attention, we'd like to provide you with a breakdown about what phishing really is, how it works, and how you can avoid being a target and the weakest security link.
WHAT IS PHISHING?
Phishing is when hacker sends an email to a user in hopes that the individual clicks on a link or opens an attachment within the email. Once the link is clicked or attachment opened, the hacker gains access to personal information of that user on that device. Afterwards, they can gain access to the network, and once they gain access to the network they can do the same thing to any computer that's connected to that network. All with just one click.
HOW IS IT DONE?
First Step. You can receive a phishing email despite the antivirus software or extra protection your organization has in place, so you can never be too careful. Hackers can get their hands on thousands of emails by using scripts on large search engines. Then, by conducting a little research through your organization's website or social media platforms, hackers can get an idea of what kind of antivirus software is used within your company. They can then customize an attack to you before sending a flawless, undetected email.
Second Step. Whoever wants to steal your information will reverse the traffic on your network back outside of your organization. To do this, they connect their hidden network directly to yours, making it difficult for your IT security software to recognize and stop.
Third Step. It's important for hackers to make the phishing email seem as real as possible, so that users mindlessly click on the email. This email doesn't have to necessarily come from a stranger. It could be in the form of a friend, spouse, a supervisor, or even a brand.
Once a user clicks, hackers have the power.
Prevention is all about constantly being on the defense. It's important to educate and train all end-users throughout your organization, and it's all about working to make sure your IT environment is properly secured in all aspects.
According to the 2017 Cisco Security Report, 57% of cyber-attacks derive from user behavior, an example being the act of clicking on malicious links within emails. Information is the core of every business and is something that needs to be protected. Company data is too significant to compromise over a phishing email that can be prevented.
Don't be the next big fish a hacker catches. Watch our FREE webinar that will give you all of the information you need to avoid falling victim to a phishing attack.
Viruses strike, hardware fails, users click on things they shouldn’t, natural disasters and theft, the list goes on. When disaster strikes, how much are you willing to lose? Learn more about today's threat landscape, how to protect your business, and how to plan for when your defenses fail.
Miss the NE Tech Summit? Download our free presentation to learn more about how you can implement an IT Business Continuity Plan for your organization.
Jeff Newton - Senior Account Executive at Five Nines
Adam Palmer - Senior Systems Engineer at Five Nines
Sit back and learn about the NE Tech Summit Session about Planning For The Worst.