Unfortunately one of the easiest ways for a hacker or cyber criminal to get into your network is to send you an email and trick you into performing something for them.This is commonly referred to as social engineering in the industry but for you and I we'll call it a scam.
With announcements yesterday from Stay Safe Online about an increase in scamming activity of late in this case referring to people calling landlines and mobiles impersonating big companies such as Telstra, NBN, Microsoft and even the police!
Tricking you into believing that they need to remote access to your computer because its being used to send scam messages and with your help they can track them down. They then request access to your bank accounts and then transfer money to themselves all in the guise of it helping to "track down the scammers".
The only people needing to remotely access your computers is us, your IT Support company. In fact if you're on our Select Server and Desktop Care plan then we already have the remote access ready to help you when you call with a problem.
The above example, should be relatively easy to spot that it's a scam.
However a worse kind is when they already know enough about your company to impersonate say the manager of the business, or even worse you and send an email to the accounts lady requesting financial figures and then follow that up with a bogus invoice to be paid and quite often its not a small amount of money either!
In this case referred to the email from had the name of the manager in it but the email address was a generic firstname.lastname@example.org email address. This was a clue that it was not legit but unfortunately was not picked up on.
Other clues in the email were no email signature initially until it was responded to, by that stage they would have the general layout of the signature and could impersonate it. Thirdly the invoice itself looked manipulated like it had been scanned, edited and sent out again. Most invoices if in electronic PDF format look clean, sharp and crisp. Finally the impersonating manager requested a copy of the remittance advise.
Unfortunately you've probably guessed the payment was made.
So what can you do to stay safe I hear you ask?