In the workplace, your best defense against hacking is making sure that each person knows how to recognize an attack. What may seem obvious can still trick even the best employees if they are very busy or particularly stressed. Some of the latest trends in phishing scams include emails that mimic a message from IT or your network admin, fake emails requesting a password reset, and fake emails from document-sharing software, specifically Office 365 programs.
Real-world scenario: While reading through your 57 new emails on Tuesday morning, you see what looks like a new document shared by a team member. You weren’t expecting this file, but you do regularly share files with this person. You are busy, and you know the person who shared the file is on a call right now, so you go ahead and click the file instead of confirming that the file is actually from them. You are directed to what looks like the Office 365 login page, and you enter your password to view the file.
This is a very common technique that hackers use. They spoof an email from one of your contacts, or from a file-sharing program that you use, and they also spoof the landing page. Once you enter your password on the fake landing page, the hacker can then forward you to the real page that you were expecting. You may not even know that you just gave your password to a malicious hacker.
What to do: Never click on a link in an email unless you are 100% sure it is not malicious. Check with the person who sent you the email before opening anything that you weren’t expecting, even if it looks legitimate. Create a workplace culture (like the one at FinTrust) where this is accepted and encouraged. Know what an email from your IT department looks like; if you receive an email that says it is from them but doesn’t look quite right, call them! Never click a link in a password reset email that you didn’t request. Also, if you ever receive an email at home that you weren’t expecting and it asks you to click on a link (even if it is from a FinTrust team member), always call the sender to verify the email before you click on the link!
Here’s a great video with real examples from CSO: