Spammers and exploiters will do anything to get into a company’s IT system. Their primary method is referred to as phishing: a fake email that either draws a person to a website that can exploit PC vulnerabilities, or carries a fake attachment that, once you open it, uses an exploit to gain control of your PC.
A recent trend is to send fake DocuSign, Dropbox, OneDrive, or other shared file links for download. Unless you specifically know that you are supposed to receive this link, be extremely cautious.
Another recent trend is to send emails claiming your email account has been hacked, spoofing the sender so the message appears to come from your own email address.
Attackers are constantly using more sophisticated means to attack us. They use spoofed data and build realistic, targeted emails that, if opened, may cause serious complications. A realistic targeted email may say it’s from your best buddy, or it may mention the name of someone you know from Facebook or LinkedIn, or even someone you work with. They build emails that look identical to those from popular companies such as DocuSign, Microsoft, American Express, etc., but replace the hyperlinks with links to malware websites.
Typical fake email attempts will come as:
- Fake quotes/RFQs – typically marked as URGENT to provoke an emotional response rather than a logical assessment. Curse words will often be used in emotion-provoking emails.
- Fake credit card charges
- Fake payment due alerts
- Fake password reset requests
- Fake account lockouts
- Fake invoices
- Fake receipts
- Fake order confirmations
- Fake voicemails
- Fake emails with URLs that do not go where they say. Hover over hyperlinks and check the destination in the tool-tip to confirm it matches the intended destination before opening. Some URLs include ad tracking, which can make the real destination harder to identify. Always ask your local IT guy before opening if in question.
Verify the sender is a real person before opening emails that are questionable, i.e. call the phone number in the email and verify why the person has emailed you if you are unaware of why you received the email.
- Do not open attachments unless you are certain that you know what they are. These can contain code that performs malicious actions or exploits a vulnerability. NOTE: If you receive an email with multiple attachments and they all have the same size, then they ALL need to be questioned as real or fake.
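
The hover-and-compare check on hyperlinks described above can also be automated for an HTML email body. The following is an added example, not part of the original article: the function names, the hostname heuristic and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a URL or bare hostname (assumed heuristic).
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#].*)?$", re.I)

def shown_host(text):
    """Hostname the reader sees in the link text, or None if it is not URL-like."""
    m = HOSTLIKE.match(text.strip())
    return m.group(1).lower() if m else None

def same_site(shown, actual):
    """True if the real host equals the shown host or is a subdomain of it."""
    shown, actual = (re.sub(r"^www\.", "", h) for h in (shown, actual))
    return actual == shown or actual.endswith("." + shown)

class LinkAuditor(HTMLParser):
    """Records (link text, href, verdict) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.results = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        text = "".join(self.text).strip()
        shown = shown_host(text)
        actual = (urlsplit(self.href).hostname or "").lower()
        if shown is None:
            verdict = "check-manually"  # e.g. "View document": nothing to compare
        else:
            verdict = "match" if same_site(shown, actual) else "MISMATCH"
        self.results.append((text, self.href, verdict))
        self.href = None

def audit_links(html_body):
    parser = LinkAuditor()
    parser.feed(html_body)
    parser.close()
    return parser.results

# Constructed sample body, not taken from a real message.
SAMPLE = ('<a href="https://www.docusign.com/sign">www.docusign.com</a> '
          '<a href="http://docusign.com.files-share.example/d">https://www.docusign.com/sign</a> '
          '<a href="http://files-share.example/d">View document</a>')
```

A "MISMATCH" verdict means the text shows one host while the link goes to another; "check-manually" covers links whose text is not a URL, where the destination still has to be inspected by hovering.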