New Year – New Email Resolutions For 2020


Happy New Year to all! The New Year has arrived and we’re excited to hear many of you have resolved to improve your email security awareness in 2020. For example, you may be more sensible with your replies to colleagues, or you may be reading emails more thoroughly and looking for illicit content.

The extra attention you give to the emails you receive and send might not last long. We’re optimistic that’s not the case. However, that’s exactly what cyber criminals are hoping for. With 2020 now in full swing, security experts are already seeing new phishing emails that deploy a variety of tactics: links to voice mail messages, requests to reset an expired Outlook 365 or Google password, or a so-called “customer” asking you to wire money.

All three of the examples provided can lead to different forms of data compromise, malvertising, or termination. First, opening a fake voice message file can install malware or other dangerous strains of data-stealing software. Second, entering your existing O365 or Google password into an illegitimate website can lead to a compromised account. Lastly, sending money to a cybercriminal posing as a vendor can lead to an employee’s termination. All of these examples can be prevented with education and best IT practices.

How can you protect yourself in the first few weeks of 2020 and throughout the year?

Inspect Every Single URL Closely Before Clicking.

The easiest way to do this is to hover over a link within the email and make sure the Internet address shown under your mouse cursor matches the URL listed in the email copy. For example, say you receive an email from Lyft about resetting your password. You hover over the password reset link but notice the URL is pointing to a non-Lyft address. You’ve detected an attempt to grab your Lyft login credentials.

If you receive an email purporting to be from a company like Microsoft or Google, don’t click on the link that says microsoft.com or google.com. Instead, manually type those URLs (e.g. google.com) in the browser address bar to avoid being tricked into clicking on a malicious link.

No matter what type of email you receive or who you receive it from, take your time and read the email carefully. If a person you interact with regularly has requested something peculiar, chances are high that the email is not from them. When all else fails, pick up the phone and give the person a call.

Don’t Open Email Attachments Unless You’re Expecting Them

Many of the most dangerous cyberthreats come from attachments: malicious PDFs, Word documents, Excel spreadsheets, and MP3 or WAV files disguised as audio clips. Curiosity so often leads computer users to unknowingly click on these files, even though the lesson is simple. If you don’t know the sender and aren’t expecting a file from them, Don’t Click On It! Take the time to thoroughly read the email.

There’s no email you need to review or respond to the second the message lands in your inbox. Read the email carefully. Make sure the person you’re interacting with is your trusted source. If the email looks suspicious, contact the person via a text message or phone call. A quick chat can help clarify the email’s validity.

Read Subject Lines, Body Copy, & Email Signatures Thoroughly

The craftiest cyber thieves will often try to disguise their spam emails with sender names, domain addresses, and subject lines that look familiar (think theboss@connpany.com instead of theboss@company.com). Notice how the two n’s make the domain look like “company”. Translate all that extra attention you’re paying to the New Year health of your overall inbox to the details of each message you receive. By looking for misspellings, awkward phrases, or slight changes to traditional email signatures, a sharp eye can often detect even the best phishing attempts.

A great example is knowing someone goes by a different name. For instance, say you deal with a colleague that goes by Matt. His full name is Matthew but he’s advised his coworkers to call him Matt. If you are corresponding with Matt and notice his signature has changed to his full name Matthew instead of Matt, something may be off. Here’s a perfect example of paying attention to the details of an email no matter how minute.

Implement Multi-Factor Authentication

Multi-factor authentication, or MFA, is a critical component in implementing cybersecurity best practices. MFA is a favorite here at Zuma Technology. MFA is a login process with two or more crucial steps: it requires you to enter two or more credentials. Typically, this involves something you know (a password), something you have (a unique code usually delivered via text message, email, or phone call), or something you are (a thumbprint or other identity verification to approve a login request). Even if a password is compromised, using MFA can prevent a data breach or hacked account.

Email providers are moving forward with MFA. An extra layer of security for emails is a nifty feature to have. Though the process may add time to logging into email, the security benefits outweigh the annoyance of performing this action.

At Zuma Technology, we work hard to protect you from evolving digital threats. From email phishing attempts to social engineering and data breaches, we continue to expand our knowledge about the cybersecurity landscape. In addition, we consistently remain proactive by being one step ahead of hackers and bad actors.

Andrew Lopez