Joe’s email got compromised today. He didn’t do the right things to protect himself, and is now paying a huge price.
First, the bad guys got into his email and learned how he writes his emails, what his signatures look like and who he emails regularly. Then they made a plan, and he lost over $100,000 because he believed his business was too small to attack.
Background
Email has become an essential and trusted form of communication for both personal and business ventures. From social media to banks to hospitals, email communications often hold personal and sensitive information. This information makes email a prime and popular target for internet hackers and interceptors. To better protect you, the dedicated team at Integris has created this in-depth guide to email threats. Our team also provides tips on how you can keep your email and sensitive information safe.
Threats to Your Email
Before we get to the steps you need to take to keep your email safe, you may want to know some of the ways you are being hassled and attacked.
Overwhelming Spam
Whether you use email professionally or personally, you have probably already encountered the dreaded spam email. Most of these emails are obviously not from a trusted source, while others do a much better job of seeming like a legitimate person or institution trying to reach you. Most of the time, spammers get your email from online registries or places you may have listed it, for example on social media accounts. Thankfully, spam protection software is getting more advanced, helping to stop spam in its track. While it is recommended for personal email users to use this software, it is almost mandatory for businesses to do so.
While one or two spam emails can seem harmless, a bunch of them can bog down email servers, eat up network bandwidth, and drastically decrease employee productivity. You do not want your employees to spend countless hours sifting through junk mail. Instead, you want to focus on the emails and work that matters so that you can continue to move your business forward.
This is not an attack per se, but does effectively use up your time.
Integris’ Anti-Spam Solution
If your business has to deal with a large number of spam emails regularly, it is essential to invest in anti-spam software. Integris offers a comprehensive spam protection solution that is designed to eliminate spam before it ever hits your inbox. Allow your team to focus on their work without worrying about missing an important email buried by spam. Cut down on unnecessary costs, mitigate your IT security threats, and make the most out of your workday by partnering with Integris today!
Integris Pro-Tip; Don’t Open Attachments From Unsolicited Emails
A golden rule of email is to never open an attachment from an unsolicited email. Oftentimes, these attachments contain viruses and other harmful attacks on your computer. This also includes emails from known senders that may look suspicious or links from unknown senders. If you ever feel uncomfortable or wary of an attachment or link, don’t click on it. If you know the sender, contact them and ask them about it. Odds are, they were hacked.
Transit Threats
Emails can also be attacked in the middle of transit from the sender to the recipient. This is known as a “man in the middle attack” (MitM). This attack is a form of eavesdropping in which a third-party user spies on information passing between two parties. These kinds of attacks can lead to spear phishing, which is when an email or other fraudulent communication asks you to provide personal information.
There are two different types of MitM:
- Traditional MitM: The attacker sets their machine as a proxy between your computer and the internet connection you are using. The email then has to go through the attacker’s machine first before going to the recipient. This is pretty rare. An attacker would have to have access to your network, or the MSP’s network, or access to your DNS provider.
- Browser (MitB): This type of attack uses malware that is loaded on the user’s computer to compromise the email account or find financial information. This type of malware is generally downloaded to the user’s computer by a link or attachment from a spam email. This is pretty common, but not the largest by any sense of scale.
- Phishing Attack: This type is the most common these days, and is how most MIM attacks are done these days. The attacker sends you a Phishing email, and you give him your credentials. (It will look totally legit, and you will do it without thinking in most cases). From there, the attacker sets up rules in Google or Office 365, and sends himself a copy of any email you send or receive, and he deletes it from the sent items list. You will never know he was there. From there, he learns who the boss is, learns how money is transferred around, and plans his attack.
This is what happened to Joe, and it was totally preventable. Joe got phished, and they figured out what was happening in his business. Later that month, the hacker sent an email as Joe to his accountant telling them to wire transfer $120k to a location for a current job. The accountant verified that what he was asking was real in the response email. The attacker (as Joe) said it was, and that it was urgent. The accountant knew about the job, knew the money was needing to be sent, but sent it to the hacker’s account (from the email) instead of the job account. The money was lost.
This would have been prevented with two factor authentication and better accounting processes. This happens every month to companies in DFW, and no one is immune.
Integris Network’s Pro-Tip:
Invest in two factor authentication. This tool will eliminate almost all phishing attacks from your email and network. If an attacker phishes your credentials, they still won’t be able to log on to your email.
Secondly, Invest in upgrading your email security. Microsoft has a new product (an upgrade from Office 365) called Microsoft 365. It includes tons of tools to make your network and email safer and protected from attacks and other threats.
Thirdly, invest in GAAP accounting controls in your organization to prevent this kind of mishap.
For businesses, make sure to invest in network protection to keep external threats from sneaking in. Security and threat management is extremely important to keep your daily operations running smoothly, minimize downtime, and prevent data theft.
Encrypt Sensitive Data for Further Protection
If your business is constantly sending sensitive data through email, encryption can further defend your business from hackers. Email encryption scrambles the message while it is in transit, making it more impossible for hackers to translate it. When the email reaches your recipient, the email will unscramble itself, allowing them to read it in a secure location. Although email encryption services vary, most are cost effective as they reduce the risks of sensitive data being stolen.
Defend Your Email With Integris
From email spam protection to email encryption, the knowledgeable team at Integris can help you find the solutions that best meet your business’s needs and protect you from hackers. Don’t let spam keep you down and don’t let a hacker steal your business’s sensitive data; contact our team today. With Integris on your side, hackers don’t stand a chance.
