Email driven cyber-crime continues to grow exponentially. Some industry estimates claim email attacks and ransomware grew by over 350% last year in 2018.
Business Email Account compromise is the preferred attack method used by the bad guys and results in an estimated 80% or more of total security breaches. Whatever the industry statistics and measures, all continue to trend upwards at alarming levels. Attackers are launching sophisticated attacks and strive to continuously improve their approach to deceive technology safeguards and people. Bad guy diabolical plans vary widely. One very common approach is once a mailbox is successfully hacked, the bad guy acts as an impostor, and sends out malicious Emails directly from the Users mailbox. The result is you receive an Email from someone you think you know that at first glance looks to be Perfectly legit. For the foreseeable future, the "human firewall" will remain as the first line, and last line of defense. Emails may contain a web link or attachment that could contain malicious code and try to get your username, password, or other personal information. Best practices for Email Safety include: · Do not release an Email from your Quarantine, or be extremely careful if you do. There is an excellent chance it is malicious, and a very small probability it is legit. · When clicking on a Link in any Email received - - whether it be from someone you know Externally at another Company or Internally from someone at your Company - - be sure to Never Enter your Office 365 Credentials, if prompted. · Do not click on web links in unsolicited Emails saying someone sent you a document, and “click here to open”. If you have any doubt about an email: Be safe : ) *** Not sorry! : ( *** Contact the person by Phone to verify, or Contact your IT Support Team for an opinion. To learn more about recognizing phishing and scam emails, and to bolster technology defenses, review the following resources: 1. Avoiding Social Engineering and Phishing Attacks - US-CERT 2. Recognizing and Avoiding Email Scams - US-CERT