When you think of email, two thoughts tend to come to mind: essential business communication, and junk email.
Email had very humble beginnings, and most people don’t realise that it was invented before the internet. Back in 1965, users at the Massachusetts Institute of Technology (MIT) could leave electronic messages on machines for the next user who logged in. In 1971, Ray Tomlinson revolutionised this method of communication by inventing the @ addressing method we know and love today.
It took only 9 years before the first ‘spam’ message was sent over this new medium. In 1999, the first major email virus, called the Melissa virus, spread, causing widespread disruption and repair costs.
So how do you protect yourself against being bombarded with junk and malicious emails?
By using products like Mimecast, you can significantly reduce the number of emails reaching your mailbox. Mimecast checks email content, attachments, and even sender authenticity, to filter out emails that you may not, or more importantly should not, receive.
However, as technology develops, so do the people using email for unscrupulous ends. It was estimated in March 2019 that 86% of all emails that month (around 400 billion) were spam or phishing emails. Mail filtering can only do so much.
We recently combined Mimecast protection with another link protection service in our Essentials package. This checks links you click on the web and in emails and verifies if the site is known to have been compromised. This further reduces the risk, but nothing is ever 100%. Websites are being hacked daily and no system can detect a hacked site instantly, so what next?
Now it is your turn.
You are the last line of defence.
Nothing beats users checking emails and being suspicious and alert to fake emails – making sure your staff are trained is essential.
Tekkers now offer a user awareness service, where fake emails are sent to users to see who clicks. We can then alert you to users more susceptible to phishing emails so you can increase their awareness. For more information on email security and awareness testing, please contact us.
So how do you spot a fake email?
- Sender’s Email – The display name may be correct, but is the email address really from Microsoft?
- Content – Is this something you would expect to receive from this person, and is it the way they would email you? Bad spelling and grammar are often a clue, as is odd phrasing of sentences. And would John in Sales really ask you to make a payment to a numbered bank account?
- Action – Is the email asking you to take action – click a link or open an attachment – and warning there will be consequences if you do not?
- Making you log on – If you do decide the link is safe and any protection lets you through to a website, is the site asking you to log in to read that document or download that file – especially if the login is for Microsoft Office, Gmail or Facebook?
If you can answer yes to any of these, the mail has a good chance of being fake, and you should be wary of proceeding. NEVER log into a website from a link in an email unless you were really expecting that password reset email.
1. Call the sender, don’t email. You may not be speaking to the right person otherwise.
2. Check with Tekkers on emails you think might be genuine but look suspicious.
3. Enable 2 Factor Authentication on services – even if your password is stolen, they cannot log in.
4. Use different passwords for different services, and make sure you use secure, complex passwords rather than variations on a theme, so that alternatives cannot be guessed. You can use a password manager like LastPass, Dashlane or RoboForm so you don’t forget passwords.
What to do if you think you have been caught out
If you do enter your password into a suspicious site, or you get reports from clients of receiving emails you did not send, or you just think you may be the victim of a scam, let us know as soon as possible.
We can assist with resetting passwords, checking for signs of a hacked account, checking email flow to see what emails may have been sent / received, and advising on who may have received fake emails so you can contact them to alert them.