Continuing our series on how to spot scams, we bring you the latest on how hackers will use the publicly available email addresses and job advertisements on your website to potentially bypass your security protections. It’s important that you and your team members can identify scam ‘Job Applicants’ who will be trying either to get you to unwittingly install malicious software on your mobile phone or computer, or to get you to enter your usernames and passwords on fake logon websites.
The following example was received via email earlier this week. It starts out pretty well and, for all intents and purposes, appears to be a genuine email. Unfortunately for the sender, it set off a bunch of red flags in my mind.
The email is using our brain’s weaknesses against us, in this case our curious nature. The sender is trying to get you to open the attachment without thinking about it. The contents of the email sound like someone I would obviously be interested in having on my team.
So what? It’s a good question. For now, imagine you’re looking for a very senior lawyer or accountant to join your team. All of a sudden your website email address receives an email from someone who at first glance looks like they might be a great fit for your firm. You’re intrigued, so you open the attachment, and the next minute your system freezes and you see a ransomware message on the screen. Then you get calls from others in the office saying they’re all seeing the same thing…
Naturally, you wouldn’t fall victim, but it never hurts to refresh your memory on some telltale signs to be on the lookout for:
- A job applicant email from an unknown source that you can’t verify using social media (e.g. LinkedIn, Facebook) or a standard Google search.
- The person sounds too good to be true, e.g. experience with all the things you’re looking for and more. You’re just not that lucky.
So how can we help you to stay safe?
- Stop and ask someone else, like us, whether it’s legitimate. Better to be safe and sure.
- Ensure your firm’s mobile devices are being updated, for both Apple iOS and Android OS as well as app updates. We have a service that can take care of this for you, taking another headache off your very stretched plate.
- Ensure your systems are patched and up to date. If you’re a managed services client, we take care of this for you.
- Engage Cyber Security Awareness Training for you and your staff, talk to us to find out more
- Have a next-generation firewall that’s configured correctly and receiving up-to-date threat information. Clients who have already purchased firewalls from us can talk to us about updating settings to help stop known bad sites.
- Have dark web monitoring set up to help you identify if a team member accidentally enters their username and password into a phishing site and the information becomes available on the dark web for cybercriminals to access.
- Ensure your systems are backed up and stored offsite, preferably in the “cloud”, and that the backups are only accessible by those who need access to them.
- Ultimately you want a defence-in-depth strategy for your protections, with multiple layers in place like a castle. We are happy to provide a third-party assessment of your system to give you peace of mind that your defences are adequate.
Call us today on 08 6244 2556 to learn how you can protect yourself, your team and your clients from the ever-increasing risks or submit the form at the top of the page to book an independent third-party assessment of your system.