Phishing threat is no joke, despite the widows and princes. The phishermen are out there – just make sure you don’t get caught.
Imagine: You come into work one morning and open a typical, innocuous-looking email. Unknown to you, that sets in motion a chain of events: Malicious code within the virus embeds itself within your laptop, forcing it to perform a series of hidden procedures that open gateways to your data, send spam emails to your contacts, and reproduce copies of the code. By lunchtime, several of your colleagues’ machines are doing the same thing. Twenty hours later, your entire network is infected, and all 70 employees are idled for two days!
Can it happen? It happened recently to a Red Level client. By opening a single email, business ground came to a complete halt for two days, costing the company capital, revenue, and opportunity.
Sadly, it’s something we see more and more often at Red Level as hackers and fraudsters become increasingly sophisticated; even normally cautious, vigilant people are tricked by scam emails like this one.
As the bulk mailed “phishing” scams lose their effectiveness, their creators are increasingly turning to individually-targeted “spear phishing” emails that closely resemble authentic messages from trusted parties. By sneaking past the recipients’ normal defenses, these emails expose users and their companies to more risk than ever. They may look like:
- A password authentication or reset message from a cellular service provider or online retailer
- An “opt out” message pretending to provide an opportunity to “unsubscribe” from additional mailings or services
- Business documents from a client or colleague that appear to be in a common format such as .doc or .pdf
- A conversational email from a friend or coworker, complete with an authentic-looking subject line and return address
Once a phishing message releases viruses or malware into a company’s data ecosystem, a rapid response is needed to mitigate the damage. Unfortunately, many companies remain unaware that they’ve been compromised for days or weeks.
At Red Level, we have several certified cyber-security practitioners on staff focused on prevention as well as restoration efforts. To keep systems and networks safe, users must be educated in the latest spear phishing threats and be aware of the subtle danger signs that differentiate a malicious email from a safe one.
A security training package is currently being developed to provide clients, once they’ve been vetted internally. In the meantime, we welcome you to contact us with any concerns you may have regarding email security, and if appropriate we can test any suspicious emails you may receive within a controlled environment to prevent risk to your systems.