Protect Your Company - Best Practices to Avoid Attacks

phishing-spoof-email

There has been a tremendous rise in the number of malicious attacks, including email accounts being compromised, malware attacks, and password hijacking.  We are seeing 3 main types of attacks although others are possible as this malicious human interference is always changing.

  1. Vendor or Customer email accounts becoming compromised. Once the attacker has access to a user’s email account, they will send emails to the user’s clients or contacts requesting changes of bank account payments.  These emails will come from legitimate accounts of people and vendors that you know, as the attacker has actually broken into the account and is sending email on behalf of that person.  They will usually hide their tracks, so the user doesn’t notice.  

  2. Emails embedded with a link that when clicked, will take you to what looks like a OneDrive, or other Microsoft service, and ask you to fill in your password.  They then log these passwords and use it to try to break into your accounts.  Again, these may come from legitimate senders that you know, but their account has been compromised. 

  3. Emails that look like they came from IT DEPARTMENT, Microsoft, Office 365, Exchange, or other systems that say your mailbox is full, or your account will be turned off.  These are not real and will again try to have you click a link that will ask for your password. 

Below are some guidelines that need to be followed in order to prevent this. Remember, most of these emails will be coming from legitimate sources that you already have a relationship with, but the account has been compromised.  They will even reply to legitimate email chains, so it makes it VERY hard to notice!

  • Never give any of your passwords over email, or a link that was from an email, or any other source.  You will never be asked for your password in this way. 
  • Some companies are not taking checks at this time and are instead accepting money orders.  Attackers are taking advantage of this by compromising customer accounts and requesting money transfers to new accounts.  Never give any financial, bank, or private information without verifying by phone first from a known number.
  •  Never give any sort of personal, private, financial or company information over email until you have verified by phone from a known good number that the request is legitimate. 
  • Never open an attachment in an email if you aren’t 100% sure what it is.  Even PDF files have now been known to deploy malware.  Also, never click a link in an attachment if you aren’t 100% sure you know what it is.  In most instances you can highlight over the link to see the actual address, but this can be faked as well. 
  • Always double check the sender and reply to address of an email.  Many of these emails are spoofed names that appear to be from someone, but if you look at the actual address it is not that person. 
  • If you see anything suspicious or odd at all, chances are it is a compromised account.  It is better to be cautious and NOT do anything until it’s been confirmed by your IT professional that it’s ok.

If you are a current client of ours, please do not hesitate to reach out to us if you are unsure about an email you received.  We understand that these emails seem real and mistakes can happen.  If you think you have fallen for any of these breaches, please let us know so we can take the appropriate steps to re-secure all of your accounts as soon as possible.
 
Everyone should be vigilant during these times.  Attacks are on the rise and harder than ever to catch.  The best defense is being prepared and knowing what to do if a suspected attack occurs.  As always, if there are any questions, please send an email to helpdesk@go2itgroup.com or call us at 440-471-8210 Option 4.

 

If you are not a current customer of ours but need assistance, please contact us here.

Most Recent

What is a Managed Services Provider (MSP) ?

By Go2ITGroup
July 06, 2020 Category: Disaster Recovery, Risk Assessment, Network Analysis, Network Security

What is a managed services provider (MSP)? Why choose an MSP to support your business? Find out why businesses that partner with Go2IT are more secure, have less down-time and are more productive.

Protect Your Company - Best Practices to Avoid Attacks

By Go2ITGroup
June 23, 2020 Category: , Phishing, Cyber Attacks, Best Practices

There has been a tremendous rise in the number of malicious attacks, including email accounts being compromised, malware attacks, and password hijacking. We are seeing 3 main types of attacks although others are possible as this malicious human interference is always changing. Vendor or Customer email accounts becoming compromised. Once the attacker has access to a users email account, they will send emails to the users clients or contacts requesting changes of bank account payments. These emails will come from legitimate accounts of people and vendors that you know, as the attacker has actually broken into the account and is sending email on behalf of that person. They will usually hide their tracks, so the user doesnt notice. Emails embedded with a link that when clicked, will take you to what looks like a OneDrive, or other Microsoft service, and ask you to fill in your password. They then log these passwords and use it to try to break into your accounts. Again, these may come

Risk Assessment and Business Impact Analysis

By Go2ITGroup
June 16, 2020 Category: Risk Assessment, Disaster Recovery, Assets, Threats, Vulnerabilities

There is considerable uncertainty in todays world including online hackers and ransomwareto the COVID19 pandemic that is still ongoing. Unfortunately, many SMBs do not realize that it is only a matter of time before their IT infrastructure and data might fail or fall victim to malicious human interference. When that happens, SMBs not only lose revenue, they can also lose customer confidence as their reputation suffers. Additionally, there can be legal ramifications is customer data is stolen. All SMBs needs to have a disaster recovery plan in place prior to experiencing any of these issues. The Go2IT Group can help create a disaster recovery plan for your business using the methods described below. Risk Assessment and Business Impact Analysis What critical IT assets does your business own whose exposure to loss would be a detriment to business operations? What are the business processes that utilize these assets? What possible threats could affect the ability of those business functions

Categories
Windows (2)
Risk Assessment (2)
Disaster Recovery (2)
Microsoft (2)
Acquisitions (1)
(1)
Network Analysis (1)
Best Practices (1)
Cyber Attacks (1)
Phishing (1)
Assets (1)
Vulnerabilities (1)
Threats (1)
Coronavirus (1)
COVID19 (1)
Ransomware (1)
Upgrade (1)
Network Security (1)
+ Show More

866-424-1233

Contact Us

 

26260 Center Ridge Rd., Westlake OH 44145

© , The Go2IT Group, All Rights Reserved
  • Privacy Policy
  • Terms and Conditions
  • Email Us
  • Blog

  • Powered by Virteom Logoirteom