Suspicious Email Management

 

The importance of email in business communication

Did you know that Canadians spend a lot of time checking email on desktops, laptops, and mobile devices? According to a survey conducted by CIRA, when people are using a desktop or a laptop, 44 per cent catch up on email. When using a mobile device like a smartphone, 42 per cent say they spend time on email, which is the same amount as they spend on social media. Due to an increase in COVID-19 cases, many companies are shifting from the traditional office to telecommuting, which makes email more important. Not only is email a great way to communicate with consumers, but businesses also use email every day to reach new, existing, and future customers.

 

Phishing email attacks have increased since the start of the pandemic

Online phishing attacks targeting email and other cloud-based services on the internet have increased since the start of the COVID-19 pandemic, according to a recent report by the non-profit Anti-Phishing Working Group (APWG).

Phishing Activity Trends Report – APWG

As the trend above shows, the number of phishing attacks has grown since March 2020, when the pandemic started getting worse.

 

What is phishing and how does it work?

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, credit card details or other sensitive details, by posing as a trustworthy entity in a digital communication. Typically carried out by email spoofing, instant messaging, and text messaging, phishing often directs users to enter personal information at a fake website that matches the look and feel of the legitimate site.

 

Phishing Cycle – EliE

1. The phisher finds a vulnerable website and uploads his phishing kit. Usually a phishing kit is a copy of the legitimate site's login page (Google, Facebook, Dropbox…) modified so that the credentials are posted to a small (PHP) script that sends the stolen credentials to the phisher and logs the victim in to the real site.

 

2. The phisher lures his victim to the fake login page by sending emails. For example, the emails might ask the victim to log in to get free stuff, increase a quota or review some sort of issue.

 

3. The victim visits the phishing page and enters her login and password. Those credentials are processed by the PHP script, which redirects the unsuspecting victim to the real site.

 

4. The PHP script sends the stolen credentials to an email address (known as an email dropbox) controlled by the phisher.

 

5. The phisher gets a notification that an email is in his inbox. He logs in, retrieves the stolen credentials and hijacks the victim's account.

 

How can we prevent these cyber-attacks?

DO NOT click on links

There is one way to verify whether a link you received is legitimate. If you use a product or service from Microsoft and you receive a product advertisement email, DO NOT click on the links. Instead, go to Microsoft's official website and look up the product or service information there. If the email is legitimate, you will see the same information on the website.

There is another way for desktop users. Many desktop email clients and web browsers show a link’s target URL in the status bar when you hover the mouse over it. Use this feature every time before you click on a link. This behavior, however, may in some circumstances be overridden by the phisher. Equivalent mobile apps generally do not have this preview feature.

 

USE a browser filtering extension

There are browser extensions that grade search engine results based on known characteristics or behaviors and may even prevent you from navigating to malicious sites. Generally, sites will be graded on a scale from safe to suspicious to high risk.

 

USE anti-phishing software

There are many anti-phishing products that support various platforms, such as Windows, Mac, and Android. For example, ESET Security provides not only anti-virus features on the PC platform but also anti-phishing features for mobile devices, such as checking websites to verify whether they are legitimate.

 

What should you do if you accidentally clicked on a link in a phishing email?

Disconnect your device from the Internet

Once you click on a phishing link, your computer is most likely compromised by a hacking tool without you noticing. Disconnect the computer from the Internet to prevent the hacker from taking precious data from you or locking up the computer.

 

Back up your precious files

After disconnecting your device from the Internet, it is time to back up your precious files. Get an external hard disk drive and move the files to the disk.

 

Scan your computer with anti-virus and anti-malware software

Once you have secured the files, install anti-virus and anti-malware software and run it to detect any suspicious files or programs installed on your device.

 

Reset your credentials

Lastly, reset your account credentials on your computer and email. If you are using the same credentials for other accounts, such as Facebook, Instagram, and your bank, please change those as well.

 

 

For more information please contact us

Phone: (604) 757-9823

Website: https://turboitsolutions.com/contact-us/

 
