IT Insider Blog

New call-to-action

Tricks of the Trade: How Cybercriminals Use E-mail to Exploit Businesses

Posted by Mandry Technology Solutions on October 5, 2020 at 4:20 PM

Phishing attacks use email or malicious websites to infect your machine with malware and viruses to collect personal and financial information. E-mails or websites may appear to come from a real financial institution, ecommerce site, government agency, or any other service, business, or individual. Prompts on websites or e-mails may request personal information such as account numbers, passwords, or Social Security numbers.

 Be wary of messages that elicit a response to provide information:

  • “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
  • “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below, and confirm your identity.”
  • “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

Tips to Avoid Being a Victim of a Phishing Attack:

  1. Think before you click: Read e-mails and links carefully looking for clues on the nature of the e-mail. Treat known and unknown unsolicited E-mails or websites that prompt you to provide specific information as a potential threat until you can prove otherwise. Hackers will go to great lengths to make a website or e-mail look legitimate enough to get you to at least click on their links.

  2. Generic greetings such as “Hello Customer” Should be a red flag of a potential phishing attempt.

  3. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “off,” reach out to them via customer service to verify the communication.

  4. Use caution with hyperlinks: Hover over link to see if the destination of link matches and ensure that URL addresses begin with “https” as the “s” indicates encryption is enabled to protect users’ information.

  5. Ensure proper defenses of both network and end-users: Ensure firewalls are in place and antivirus/SPAM filtering is updated and the appropriate settings are applied to better protect end users’ systems. All systems should be regularly updated with security patches.

  6. Protect all personal information – As a general rule never share personal or financially sensitive information over the Internet.

  7. Keep your browsers up to date – Security patches should be installed on browsers as soon as latest update is available.

    New call-to-action