Ever since the first email was sent through the Internet, people have been trying to find a way to make the most money off the revolutionary technological advancement. Soon after that, nefarious individuals tried to find a way to take advantage of this through illegal means. Phishing, when a hacker pretends to be a company in order to gain access to your account information, has been around for years. Unfortunately, a new hacking method dubbed “Mailsploit” has just made it more difficult for users to ignore or block these cybercriminals.

So, what exactly does this mean? In general terms, a typical phishing email might try to appear to be from someone in your company. Let’s say that you have a manager named John Smith at your company. His email address is johnsmith@company.com. You receive an email from smithjohn@companie.com. Not noticing the differences in the address, you open the email and, trusting the sender, click the link inside it. The link takes you to a website that downloads malware to your computer (and the company’s server), putting you and the company at significant risk of financial loss.
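A mail filter can flag this kind of lookalike sender automatically instead of relying on the reader to spot it. The sketch below is an added example, not part of the original article; the trusted-domain list, the edit threshold and the sample headers are assumptions built from the John Smith scenario above.

```python
from email.utils import parseaddr

# Assumption: the domains your organisation actually sends mail from.
TRUSTED_DOMAINS = {"company.com"}
# Assumption: a domain within this many single-character edits is a lookalike.
MAX_EDITS = 2


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        current = [i]
        for j, cb in enumerate(b, start=1):
            current.append(min(
                previous[j] + 1,               # delete ca
                current[j - 1] + 1,            # insert cb
                previous[j - 1] + (ca != cb),  # substitute (free if equal)
            ))
        previous = current
    return previous[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike', 'external' or 'malformed'."""
    _display_name, address = parseaddr(from_header)
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        return "malformed"
    domain = domain.lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    # Close to a trusted domain but not equal: likely impersonation.
    if any(edit_distance(domain, t) <= MAX_EDITS for t in trusted):
        return "lookalike"
    return "external"


# Constructed sample headers based on the article's scenario.
SAMPLES = [
    "John Smith <johnsmith@company.com>",
    "John Smith <smithjohn@companie.com>",
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

The check looks only at the sender's domain, so it catches companie.com but treats any address at company.com as trusted.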

Most mail programs and company servers have protocols in place to weed out bogus email accounts so that any phishing emails get dumped into Spam or Junk mail folders for easy deletion. But Mailsploit takes advantage of flaws in popular email programs, specifically how they interpret text, to allow these fake emails to get through. That email from John Smith can now appear to actually come from johnsmith@company.com, the very same email address you know and trust. The only way to verify whether it really came from your manager would be to have your IT staff check each and every email coming through the system.

So how do companies protect themselves from this type of phishing attack? The best way to do this is to modify your IT security protocols to include callback procedures and two-factor authentication. Your IT staff can activate these features on your cloud-based services and even some in-house systems so that you can have a safer, more controlled computing experience. You should also encourage your employees to be more careful when answering emails. Every company should have a policy on how to handle such problems. Another recommendation is to implement a training seminar for all employees on how to avoid phishing scams, what to look for, and how to block the would-be hackers.

Cybercriminals are getting smarter and more advanced with each passing day. This means that we must step up our game as well to make sure that they do not win. Staying one step ahead of the bad guys is the best way to protect yourself and your company. You can contact New Edge Technology Solutions to assist you in designing and implementing a complete information security plan that includes ongoing testing and training as threats evolve.