Click or Treat: Unmasking Email Impersonation
Emailing is one of the most essential tools for communicating within a company. However, its widespread use has also made it a prime target for cybercriminals. Email impersonation is a type of phishing where the cybercriminal poses as a trusted person or organization to gain information, spread malware, or obtain money. Here are some ways we remind users to act cautiously with a few tricks of our own.
What to Look For:
- Display Name Change: The easiest way impersonators will try to trick a recipient is by changing their display name. This tactic is the most mundane since email services allow users to freely choose how their name appears. Even if your boss’s name shows as the sender, double checking the entire email address will show that it may not be an email associated with them.
- Look A Like Domains: Domains come after the “@” of an email address. Impersonators obtain email domains similar enough that the receiver would not notice small differences at first glance. For example, if you receive a message from a store, the “o” in their domain might be a “0”.
Helpful Tricks:
- Verify the Sender’s Identity: Manipulation is a common way phishers get recipients to give information or click links. They commonly create a sense of urgency, fear or curiosity to persuade users to act without thinking. Try asking the sender in-person or via a different line of communication if they sent a time-sensitive message.
- Report Phishing Emails: If you receive a suspicious email, it is important to report it. Security experts can analyze the email to find new trends or patterns. This is beneficial to develop better security measures and prevent future phishing attempts.
- Shield Up: It is critical to keep your antivirus software up to date, in case your employee mistakenly clicks a link. Updates help the software guard your business by evolving with the trends of newer attacks.
As phishing attempts evolve, securing your business is vital. To ensure your business does not fall victim to an attack, continue to educate your team about the dangers of phishing. If you have any concerns about the security of your business, contact us at [email protected] to ensure your team is staying up to date.