What is the single most dangerous threat to your network’s security? The users, of course. Social engineering is much more dangerous and pervasive than self-replicating or malicious code alone. Given how long these types of scams have been around, you would think that users would automatically be suspicious about clicking on that mysterious link. But spam crafters have gotten much more devious in the ways that they craft and send out malicious emails.
Using Familiar Companies
Do you check the From address when you get a shipping update from Amazon or FedEx? Probably not, and hackers know that. One of the most common things that they do is embed links in emails that look legitimate.
If you get an email from a bank that you know you don’t have an account at, it is very easy to ignore that email as a scam attempt. If they manage to hit on one that you do have an account with, that is where the trouble begins.
Remember, hackers are playing the odds. If they send out enough emails, from enough companies, to enough people, they are going to match the right companies to the right marks.
Check the From Field
Before you click the link, check to see who the email is from. Is it generic enough that it probably isn’t coming from somewhere legitimate? Ignore the email outright. What if it is coming from someone legitimate? What if it is coming from your boss, or even someone you know personally?
Remember, email addresses can be compromised. This means that your company’s CEO might appear to be sending out an email requesting your home address and social security number. A compromised email account is a great way to gain the reader’s trust and make them think that the link is legit.
Check the Link
Is the link embedded into some text? Hover over the text and take a look at where the link is actually going. If you got an email from PayPal and the link takes you to www.hackersaregreat.com/amazon, then the link probably isn’t genuine. Just taking the time to see where the click is sending you is one of the best ways to combat spam links and compromised user info.
How to Fight Back
The best way to fight back against these types of scams is by educating your users. No matter how high you set the filters on your email server, some spam is going to sneak through. Your hope is that when it does, your users will be savvy enough to avoid the click temptation.
Make sure that they know not to share personal or company information, to check who is sending the link out and to check the link itself. If you can trust your users, you are several steps ahead of the hackers.
Questions about IT Strategy? Contact US Computer Connection
If you need assistance with IT Strategy or how to combat these types of threats, contact us today.