Cyber criminals may use a phishing kit that impersonates a popular cloud-based email service. Once the victim’s email account is compromised, cyber criminals look for evidence of financial transactions and often reconfigure the mailbox’s rules to delete key messages or enable automatic forwarding to an outside email account.
Cyber criminals can use the information from the compromised account to impersonate email communications between compromised businesses and third parties such as vendors or customers, to redirect pending or future payments to fraudulent bank accounts. Often cyber criminals use the account’s address book to identify new phishing email targets. Thus compromising one email account at one business often results in multiple victims within an industry.
To avoid being victimized by an email phishing campaign, train employees. Teach employees to recognize phishing emails, scrutinize email links, not open attachments in unsolicited emails, and only download software from trusted sites. Also, they should verify all payment transactions and changes via a known telephone number or in person.
IT administrators can ensure antivirus and anti-malware software is set to update and scan regularly, and that all patches for the operating system, software, and firmware are up-to-date. Email security precautions include enabling anti-phishing and anti-spoofing security features, prohibiting automatic forwarding to external addresses, identifying outside messages with a banner, prohibiting legacy email protocols that can circumvent multifactor authentication, and logging and retaining changes to mailbox logins and settings for at least 90 days.
NSC Information Technology Group can work with you to establish better security and a best-practices approach to password creation, safe internet browsing, and email security. By training employees and teaching them how to distinguish between safe and unsafe links and attachments, you reduce your exposure—and that of your customers —significantly. NSC Information Technology Group can also help you establish a backup and disaster recovery plan should the worst-case scenario take place.