11/6/2020

We are seeing more and more companies experience having their email hacked.  This usually results from a phishing email attack and someone has fallen victim to providing their password for access to the network.  The hacker then uses their work email for malicious purposes.

The No. 1 defense against phishing emails is to pause before clicking. First, check for signs the sender is who they claim to be:

• Look at the “from” field. Is the person or business’s name spelled correctly, and does the email address actually match the name of the sender? Or are there a bunch of random characters in the email address instead?
• While we’re at it, does the email address seem close, but a little off? For example, riggdistier.com or riggsdistl3r.com
• Hover your mouse over any links in the email to see the true URLs they will send you to. Do they look legitimate? Remember not to click!
• Check the greeting. Does the sender address you by name? “Customer” or “Sir” would be red flags.
• Read the email closely. Is it generally free from spelling errors or odd grammar?
• Think about the tone of the message. Is it overly urgent or trying to get you to do something you normally wouldn’t?
• When in doubt, pick up the phone and call the person.  Be very wary about any emails that do not have a contact number.  I know of two instances this year where each company was compromised to the extent that emails coming back them were redirected to somewhere else and the hackers changed the contact number on the company website.

Never give your password!  If you do click on something and it is asking for your password, don’t provide it.  Many phishing attacks will mirror other actions (i.e. time to change your password) so they can obtain your password and hack into your account