In today’s cyberwar climate, everyone is a target – not least for malicious phishing emails.
An attack vector used by criminals to gain access to personal information – such as login credentials or banking details – phishing usually manifests in email, SMS, or telephone messaging. By posing as a trusted sender to dupe targets, perpetrators present a significant threat to organisations large and small, with the potential to gain a dangerous foothold in corporate networks and compromise sensitive information.
What’s more, with the increasing sophistication of cybersecurity attacks, it can be hard to differentiate genuine digital communications from fraudulent ones. Emails sent from malignant senders may read well and look professional – sharing an acute likeness with examples that have landed in your inbox before – but that doesn’t always mean they’re legitimate.
However, by exercising caution and looking out for the major warning signs, there are ways to arm yourself against these invasive attacks. Although state-of-the-art technology is available to help identify threats, it’s unrealistic to expect none to slip through the digital net – that’s why humans must be a primary defence, too.
So, without further ado, here are five tell-tale signs that you should bear in mind…
1. Grammatical errors and misspellings
An immediate signal that an email has come from an untrusted source is that it contains grammatical errors and spelling mistakes – whether that’s one or two, or riddled throughout the entire copy.
This is because phishers don’t have access to the same resources that professional writers do, and so their work has seldom been proofed and standardised by another pair of eyes. Because cybercriminals also spend a lot of their time distributing malicious messaging, their attacks are often rushed and therefore more likely to contain errors.
Of course, legitimate emails can sometimes land with minor mistakes; likewise, fraudulent ones aren’t always replete with typos, so be sure to consider other factors before jumping to conclusions.
2. Inconsistencies in email addresses, links, and domain names
Looking for discrepancies in email addresses, links, and domains is another way to identify potential phishing attempts. Unless made explicit previously, a sender’s email address should align with prior correspondence – if it doesn’t, this should raise alarm bells.
It’s also worth checking that embedded links throughout a message match the address shown in the pop-up that appears when you hover the cursor over them. For example, if you have received an alleged email from Central Networks, yet the domain of the link doesn’t include ‘centralnetworks.co.uk’, you should flag this as a potential threat. Checking for misspellings is also crucial here, as a sender may use an almost identical alternative, such as ‘centrallnetworks.co.uk’.
3. Suspicious attachments
Stretched, blurred, or pixelated images – as well as attachments that are unexpected, don’t offer a preview, or have an extension commonly associated with malware downloads (.sys, .exe, etc.) – should arouse suspicion. However, with the right software, recipients can scan these for viruses before choosing how to act.
If an infected attachment is presumed to be benign and opened, it will unleash malware onto the victim’s computer and enable cybercriminals to perform any number of nefarious activities.
Unless you’re entirely confident in the legitimacy of an image or attachment, it’s always best practice to leave them unopened. You could always contact the sender through an alternative method to verify the contents, if you think it might be important.
4. A sense of urgency
Perpetrators have a tendency to create panic in their digital communications, largely because swift decision-making has the ability to cloud judgement and leave errors undetected – errors that, if spotted, would ultimately ruin their plans to compromise your data.
While urgency can take shape in various ways – such as suggesting that an account is restricted, that details have expired, or even threatening negative consequences if a demand is not met – the likelihood is, someone who had a genuine need for haste would reach you on a personal contact number to speak directly.
Always be cautious with time-sensitive requests, and make sure they align with something you’d expect. For example, if you’ve just had a failed attempt to log into a Microsoft account and received an email saying that your password must be reset, it’s probably real – though be sure to check for other areas of concern so you can be confident it’s not a cyber-attack.
5. Unusual requests or an unfamiliar tone
Intuition is a real virtue in the digital world. If an email arouses suspicion because it doesn’t seem like something you’d usually be approached for, or how someone would usually communicate with you, it’s a good idea to trust your senses.
For instance, if a colleague is overly familiar – despite having only engaged with you once or twice – or a company that you don’t recall having any involvement with requests updated information, this should raise a red flag. It’s always a good idea to look for other indicators that such examples could be illegitimate.
Identification is the first step in any cybersecurity strategy, which is why employee awareness of phishing scams is crucial. The chances are, if one member of the team is on the receiving end of a threat, others are too. By reporting suspected fraudulent emails to the incident and security response team – or your organisational equivalent – employees can enable rapid responses to potential phishing attacks and help mitigate the risks of sabotage.
Falling prey to cybercriminals can be daunting, but with the right knowledge and procedures in place, it’s avoidable – which helps protect not only your personal data, but also your reputation, time, and expenses.
For further support on phishing, please don’t hesitate to contact our team. Or if you’re seeking assistance with a wider variety of professional IT services – to help streamline operations and spearhead strategic growth – we’d love to chat about that, too.
You can reach us on 01706 747 474, or by emailing email@example.com.
Despite the integral role email plays in maintaining consistent communication in both professional and personal use, many of us take default email privacy and security features for granted.
No matter the size or scope of your organisation – or the status of your individual profile – email hacks and data theft remain some of the most prolific cyber-attacks amongst perpetrators across the globe, with the primary motive being to turn a profit.
And with over 319 billion emails sent and received worldwide in 2021 – each containing personal data – protecting your inbox from tragedy is crucial, especially as companies work to bolster their digital strategies throughout 2022 and beyond.
From ransomware and phishing to fraud and identity theft, there are a whole host of cybercrime categories in circulation to target vulnerabilities. The good news is, there are lots of tips and procedures that can remove both you and your organisation from the firing line, and help mitigate the nuisance and chaos caused as a result of malicious email attacks.
To spearhead your journey towards safeguarding your inbox, here are seven tips from the team here at Central…
1. Get to know your service provider’s Terms of Service
The first step in any digital privacy and security strategy is getting to know your email provider’s Terms of Service – only by knowing and understanding what the gaps are, can you fill them effectively.
While you might – rightfully – assume that your email provider shares the same values as you when it comes to data protection, this isn’t always the case. Take Google as a key reminder. If you’re not careful about who you grant permissions to, third-party developers could be trawling through your inbox. You can see an exhaustive list of those with access by going to myaccount.google.com and opening ‘security’.
2. Adopt and maintain regular training protocols
Your employees are your first line of defence in any threat. Ensuring full compliance throughout your organisation is essential in reducing the likelihood of compromise. Furthermore, undertaking regular tests will allow you to evaluate understanding of best practice within your firm to better inform future privacy and security decisions.
For example, company-wide phishing exercises can uncover whether or not your employees could successfully identify a malicious email – with a notification being triggered from clicking a masked link. Alternatively, you could regularly quiz your staff on different scenarios, to see whether their approach to a security threat would be correct.
3. Download anti-virus software
Anti-virus software is self-explanatory – it protects your device against viruses. And with cyber-attacks becoming increasingly sophisticated, these programs are becoming increasingly accustomed to tackling a diverse range of threats – including using behaviour monitoring and machine learning to scope out threats before they even exist.
Not only does anti-virus software scan inbound email attachments for potential dangers, but it also monitors outbound communications to prevent spam emails or corrupted files from being distributed to your network and ruining your credibility.
4. Use multi-factor authentication
While weak passwords are an obvious risk to security, strong passwords aren’t always enough to keep cybercriminals out of your account. Hackers are often either sophisticated enough to guess your login credentials, or have powerful insight into information on the dark web.
Multi-factor authentication (MFA) offers additional inbox protection by relying on more than just a password to gain entry. Such measures include one-time passwords, responding to an SMS prompt, biometric scanning, or even diverting your login attempt to a pre-listed, alternative device.
5. Create custom email filters
Cyber criminals are coming up with innovative ways of evading your spam filter every day, but configuring your email account with tailored filters can help to catch those that slip through the net.
Involving both inbound and outbound proactive email monitoring, email filtering services classify messages into different categories to mark them as safe – protecting both you and your network. By partnering with security and data protection leader, Barracuda, Central Networks offers a complete email management solution – with powerful and customisable governing of messages – to ensure productivity isn’t impacted throughout your business.
6. Encrypt your connections
To prevent private and personal information from being intercepted by data thieves, it’s important to encrypt the connection between your device and your email server. You’ll know if a site is encrypted because its address will begin with https://.
While some email service providers encrypt your connection automatically, others require you to actively alter your account settings. Using a Virtual Private Network (VPN) offers peace of mind that your emails are secure, by routing traffic through a separate server and making your online movements less trackable.
Alternatively, you can encrypt individual emails through designated apps that make private messages impossible to decipher, unless you are explicitly authorised to access them – even in cases where your inbox might be compromised.
7. Lock your device in public spaces
Whether you’re stepping away from your device for thirty seconds or thirty minutes, never leave your email account visible for others to read at a glance or – even worse – go in and access. Not only could they retrieve sensitive data from your inbox, they could also change your log-in information to prevent you from accessing it for good.
To temporarily lock your desktop, simply press Windows+L on a Windows device, or Command+Control+A on a Mac. Then, once you’re ready to go again, re-enter your password and see your tabs re-open as before.
Whilst specific requirements will differ from one organisation – and person – to another, these tips provide a great foundation for everyone to bolster their email privacy and security strategies even further.
So, whether you’ve fallen victim to an email attack or are simply concerned about your current level of protection, it’s important to explore what your options are. To hear further advice from our team of cyber security experts, or to learn more about the value we can add to your business, please don’t hesitate to get in touch.
Secure email gateways are no longer sufficient to defend against today’s sophisticated social-engineering attacks. These attacks bypass traditional security and end up costing organisations time, money, and brand equity.
Central offers the most effective email protection solution to prevent targeted social-engineering attacks by adopting a multi-layered approach that combines a secure email gateway, AI-powered fraud protection and advanced security awareness training.
In partnership with Barracuda, we are able to provide a complete email protection portfolio in a single bundle that is easy to buy, implement, and use. This offers comprehensive security against business email compromise, account takeover and other advanced developing email threats, all delivered as a cloud-based solution with direct integration to Office 365.
• API-based integration with Office 365
• Includes cloud-based backup and archiving
• Real-time AI-powered anti-phishing protection
• Brand protection using DMARC reporting and enforcement
• Tamper-proof email archiving for compliance and e-discovery
• Advanced, automated security awareness training
• Simple setup and management, with zero impact on network performance
• Complete multi-level defence that combines AI-based email security, compliance, business continuity, and user security training
• AI learns your communication patterns to detect personalised fraud in real time
• Unique API-based architecture stops threats inside your mailbox that traditional gateways cannot
• Uses vast, real-time global threat information network to optimise detection
What's included in the bundle:
Forensics & Incident Response
Limit damage and accelerate remediation.
Slow, inefficient, manual response processes give attacks time to spread further in your network. Forensics and Incident Response automates incident response and provides remediation options to quickly and efficiently address attacks. Easily send alerts, remove malicious emails and use threat insights to stop the spread of malicious threats.
Fight phishing with continuous training and simulation.
Some attacks will land in users' inboxes. What happens next depends on how well they've been trained. Our solution uses customised simulations with daily-updated content to transform your users into a powerful layer of defence, by dramatically boosting their ability to identify social-engineering attacks and respond appropriately.
Defeat spear phishing and account takeover with AI.
Losses from socially engineered email attacks are in the billions of pounds and growing. They typically impersonate a trusted third party, to trick users into giving away credentials, data or money. Our solution detects and stops these costly attacks. It uses artificial intelligence to learn each user's unique communication pattern, to identify malicious intent and flag fraud attempts.
Keep your data safe and ensure business continuity.
You need data protection that boosts resiliency, minimises downtime and simplifies recovery from ransomware and accidental data loss. We ensure data protection and business continuity with advanced email continuity and backup services, protecting against accidental or malicious deletion of emails and data.
Protect your business from email-borne cyber threats.
Modern attacks are rapidly growing in volume and sophistication - and 91% start with a targeted email attack. Our cloud-based security solution is designed to protect against spam, phishing, malware, ransomware and other targeted email threats. It combines heuristic, behavioural and sandboxing technologies to detect advanced, zero-day attacks.