Don’t Take the Bait: Tell-Tale Signs of Phishing Email Scams

illustration of fish and hook

We’ve all gotten those emails. They’ll come from a company you’ve done business with, or from someone you know. A boss maybe. The wording is odd sometimes—there are always phrases that seem a little off, like “I’m stuck on a conference”—but the tone is usually urgent. Some action or information is needed. A cell phone number. Or credit card or social security data. Or maybe just clicking a quick link.

They are phishing emails: a scam in which a hacker or cyber-criminal sends their target a message intended to trick the target into revealing sensitive information. They are a common security threat, but with their frequently outlandish requests (who knew there were so many Nigerian princes that need our help?), it’s easy enough to view phishing emails as an irritant at worst and comical at best.

However, cyber scammers have gotten considerably more sophisticated in their methods. It’s no wonder that in May of 2021 there was a 440% increase in phishing attacks.

The truth is, it just takes one mistake—whether that’s a gullible employee or a distracted click on a questionable link—to open your business up to a major security breach. That’s why it’s more important than ever to make sure that you and your employees know some of the common signs of spam emails, so they can send these nefarious missives to the trash bin on sight.

Here are three common signs to look out for:

1. Requests for Sensitive Info

Maybe a package you ordered is stuck in transit somewhere, and your credit card information is needed to expedite shipping. Maybe your account with an online shopping service has been suspended, and you need to answer some security questions to log back in. Or maybe an acquaintance is in a jam, and they need your bank account number to wire the cash they need to get home.spam email

Don’t believe it, and don’t share anything: the most tell-tale sign of a scam email is a request for some sensitive information. Simply put, no legitimate company or organization is going to ask for your social security number, tax info, credit card info, or similarly sensitive information over email, especially not an unsolicited email. Your friends and co-workers don’t need that information either. (Unless your friends and co-workers are, in fact, phishing scammers. In which case, get some new friends!)

Of course, some scammers won’t request info but instead will send a link to click or attachment to download. Typically, taking any action can lead to your system and network being invaded by a virus or ransomware. These types of phishing emails can be tougher to detect, so before you take any kind of action, check for other signs that the email may not be legit.

2. Suspicious Email Addresses

When you open your email box, you’re used to seeing new messages from friends or co-workers, as well as promotions from favorite companies. But if you click into one of those emails and something seems off, check the email address of the sender. Is it different from what you might expect in some way?suspicious email addressScammers are now able to make it appear as though their messages are coming from your contacts or businesses you trust, but the truth lies in the actual domain email address. If it’s from a business, does it have extra numbers? A spelling mistake? Does it seem to have no connection at all to the business it’s purportedly from? Then chances are it’s a scam.

Emails from contacts can be spoofed, too. But you know your friend’s email addresses (or should be familiar at least) – is this email from a different address than normal? Or if it’s from a co-worker, is the email coming from their typical work email, or is the owner of your company suddenly emailing you from a Hotmail account? If anything seems off, it’s best to proceed with extreme caution.

3. Awkward Language and Spelling Errors

phishing email languageWe know that writing can be tough (not everyone can write IT company blogs, cough cough), but when you see an email with numerous spelling mistakes, missing words, and odd phrases, it’s fair to assume that something might be awry. Though scammers are getting better at writing convincing emails (or utilizing increasingly sophisticated AIs), phishing emails are typically full of obvious errors.

After all, a major corporation will likely ensure that its email correspondence is clean and typo-free. And while your acquaintances or co-workers may not have the luxury of copy editors checking their work, if their email is filled with phrases or language they don’t typically use, you can rightly suspect it may not be their words.

Get Extra Phishing Protection from BITS

It’s true that some of these signs may seem obvious. But with the amount of correspondence we tend to get each day, it’s easy to let your guard down and click a link or download an attachment from a scammer. It can, and does, happen.

One thing that can help is a service called KnowBe4. It can send out emails designed to resemble standard phishing scams, meant to tempt employees to click. If they do, they can receive training from KnowBe4’s experts to help them recognize scams.

Even with that extra layer of protection though, the worst can occur. Fortunately, even if it does, you don’t have to be on your own. With cybersecurity from Beacon IT Services (BITS), you’ll have safeguards and firewalls set up to prevent scammers from causing too much damage. In addition, our data recovery services can help you get you back on your feet after an attack with minimal downtime for your business.

Contact us today to get started on securing your network. After all, you never know what’s lurking in your email inbox.

(Oh look! An email from Amazan.com. My package shipped but they need me to click a link to confirm my address… oh, wait a minute… something’s not right here…)

By | 2021-08-27T06:36:35+00:00 August 27th, 2021|Cyber Security, IT Services, phishing email|

How To Protect Your Business From Costly Ransomware Attacks

It’s never good news when cybersecurity is in the news. Unfortunately, that’s certainly been the case this year, as story after story has emerged of cyber attacks and hacks crippling major corporations and utilities. The ransomware attack that halted Colonial Pipeline, hiking prices and causing gas shortages on the East Coast, was one of the most well-known recent incidents, but certainly not the only one: hackers also targeted food suppliers, insurance companies, communication companies, and many more. Indeed, one prediction from Cybersecurity Ventures predicts that businesses will be attacked by ransomware every 11 seconds by the end of 2021.

Though that particular estimate is on the higher (and more alarming) end, there’s no question that cybersecurity is an absolutely essential part of any responsible business’s IT agenda. If you run or work for a small business, you may not be a target of the multi-million dollar schemes affecting some of the major, international corporations, but you are still at risk. There’s no need for panic though. With a few precautions, you can make sure your business is protected.

Why Ransomware Attacks Are So Common Now

To begin understanding how you can protect your network, employees, and business, it’s important to understand what exactly is happening.

hacked laptopTo start, let’s look at exactly what a ransomware attack is. Essentially, ransomware is malicious software (or malware) that infects a computer or network, taking control and restricting access to files and programs. The only way for the system’s owner to regain control and keep their data from being destroyed or publicly leaked is to pay a ransom to the malware’s creators.

Lately, attacks like this gotten more frequent. Many exporters and observers agree that this is most likely a side effect of the COVID-19 pandemic.

Why? Due to the pandemic, many workers transitioned from working in offices every day to working from home. Unfortunately, many also began using unsecured remote networks to do their work, opening themselves up to attack.

At the same time, hackers took advantage of the fear and uncertainty bred by the pandemic to start sending out targeted phishing emails. Using subject lines with topics related to coronavirus prevention and safety measures, these emails, often falsely attributed to reputable sources like the World Health Organization or the Center for Disease Control, tried to dupe worried readers into surrendering important data and credentials. Sometimes it worked.

How You Can Keep Your Network Safe

Even as we better learn to battle COVID-19 and life returns to something closer to normal, the threat of ransomware attacks persists. Fortunately, protecting against them is not as difficult or complicated as it may seem.

Here are three steps to take:

icon of virus-free smartphone

1. Enlist the aid of managed services pros

To start, one of the key things to remember is that you don’t have to fight this by yourself. Partnering with a trustworthy and proven network management team like the experts at Beacon IT Services (BITS) can go a long way towards securing your network and your data. (Not to mention all of the other benefits of our services, including cloud migration, data recovery, and general systems maintenance.)

2. Set up a VPN

Next, your BITS team will work on securing your remote network. In most cases, that will mean setting up a virtual private network (VPN) for you and your team to work on. VPNs offer the security and function of a traditional, hardwired private network while still allowing users to access it remotely. BITS partners with SonicWall to offer a variety of secure and reliable VPNs that will secure your network.

3. Prepare your team to spot scams

You also must train your employees to recognize the signs of potential phishing emails. From keeping an eye out for suspicious and overly complex email addresses to unusual requests for social security numbers, credit card info, and other sensitive data, there are some simple things employees should always watch out for. Your IT expert can provide info on essential best practices and can offer recommendations on valuable services like KnowBe4 if more in-depth anti-phishing measures are required.

BITS will also install powerful firewalls and anti-virus software on your network to keep it safe from other threats. Our 24/7 network monitoring also allows us to identify any issues as they arise—before they become a problem for you and your business.

Don’t Fall Victim to Ransomware: Contact BITS Today

Don’t waste time: contact us now to get to work on securing your network.

If you already partner with us, don’t hesitate to reach out if you have concerns about your security. We’ll work with you to make sure everything is secure and that you have the best protection possible.

By | 2021-07-23T07:32:09+00:00 June 24th, 2021|System Administration, Cyber Security, IT Services|

Data Breaches: Has the Industry Adjusted?

For cyber-security professionals, 2017 may have been “The Year of the Data Breach.” It’s not that data breaches just started happening last year — cyber-criminals have been at it for quite some time. But the number of high-profile breaches, as well as the sheer number of consumers being affected, seem to have hit an all-time high.

According to the non-profit Identify Theft Resource Center (ITRC), last year saw 1,253 reported data breaches. That’s a nearly 15% increase in the record-setting number of breaches that occurred just the year before, in 2016.

Not too long ago, consumers didn’t pay that much attention to data breaches. Most didn’t think or realize that their personal information was at risk. Last year, that laissez-faire attitude came crashing down as consumers were rocked month after month with news of huge breaches at very visible public companies.

Equifax, Uber, Facebook, Yahoo and eBay are some of the companies that found themselves in the spotlight for all the wrong reasons. The attacks didn’t just target internet companies, however. Cybercriminals didn’t discriminate — they went after state and local governments (WannaCry in Atlanta, SamSam took down Colorado DOT), health care organizations (Anthem/Blue Cross Blue Shield and UNC Health Care), universities (Oklahoma, Washington State), hotels (IHG, Hyatt), retailers (Forever 21, Kmart, Saks Fifth Avenue) and even the US government (FAFSA, SEC).

Lessons Learned

So, what have consumers and IT security professionals learned from all this?

One positive thing that high-profile data breaches did accomplish is they brought cyber security concerns out into the general public discourse. Consumers are a lot less likely to skip over a news story about a data breach today. Many now pay much closer attention to protecting their own personal information, and are more vigilant about checking up on breaches that have the potential to impact them — like with Equifax.

The IT security industry has responded as well. For one, demand for cyber security specialists has skyrocketed. Firms are having trouble filling positions, with an estimated two million shortfall of qualified IT professionals projected for 2019.

But, have businesses and top decision-makers learned anything?

The leaders of Equifax, Uber and Facebook are certainly facing a considerable backlash for the failure to protect their platforms. They’re also being criticized for not being forthcoming or responsive enough to the concerns and needs of their consumers. All three companies are working through lawsuits brought forward by their consumers. The lawsuits are still working their way through the legal system, so, it’s not yet apparent what lessons these companies have learned.

But, it’s safe to say that the rest of the business community is on alert. Consumer data protection is a must — not a “nice to have.”

Is IT Security Better Today?

The positive takeaway from the Year of the Data Breach, is that data security is no longer the forgotten cousin to IT infrastructure concerns. Data protection is top of mind for both consumers and the organizations that collect and store consumer data.

With the highly anticipated GDPR (General Data Protection Regulation) going into enforcement earlier this year, the emphasis on data security is no longer optional. Now, businesses have an obligation to think about and protect the data that their consumers allow them to collect. And consumers, themselves, are empowered to exercise greater control over what data they share and how their data is stored.

So, while 2017 was a bad year for data breaches, 2018 may prove to be a turning point for consumer data protection.

Beacon Knows IT Security

If you haven’t reviewed your organization’s IT security needs in a while, or are unsure of what security protocols are in place, Beacon’s highly capable and responsive team of IT professionals can help. Give us a call at 336.265.2700.

By | 2018-07-30T11:20:43+00:00 July 30th, 2018|IT Services|