Are Your Employees Being Targeted By Sophisticated Hackers Posing as Vendors?

You might think that you can easily recognize a phishing email and avoid it, deleting it quickly before you accidentally click a link. While that may have been true in the past, today’s attackers are increasingly sophisticated, going to great lengths to trick your employees into believing that their request for funds is from a primary vendor of your organization. These cyberattackers are taking the time to get to know their prey and are customizing their “marketing” message to be more attractive to users than ever before. Here are some tips to help your staff members stay safe as they’re checking email.

BOLO Suspicious Email Domains

Your organization could be working with dozens — if not hundreds — of vendors at any point in time, and it’s not unusual to receive an attachment from your partners or a link that would allow you to download an estimate or invoice. As you’re quickly scrolling through your hundreds of unread emails, you spot a familiar email domain that is used by your vendor: let’s call them ABC Company. Their email addresses all end in @abccompany.com, and you know that you can trust emails from that domain so you don’t think twice about clicking the link embedded in the email even though you don’t recognize the name of the specific sender.

Unfortunately, you didn’t quite read closely enough, as this particular email was actually from jim@abcccompany.com (note the extra “c” that your eye skipped over), and you’ve just provided hackers with a back door into your systems. You always have to be on the lookout (BOLO) for domains that are remarkably similar to those that your vendors use, as hackers are getting savvy enough to purchase domain names, set up fake websites and fully commit to their craft in order to take down your company.

Ongoing Training is Crucial

Ongoing training for your staff is perhaps the only way to reduce the possibility of this happening. Even the most diligent employees can be fooled when they’re quickly skimming through their inbox, but it’s crucial to advocate for taking the time to question anything that looks unusual. Provide staff members with recommendations that will help them confirm the legitimacy of emails before clicking through links, or consider putting technical processes in place that will filter out unknown or untrusted emails to a secondary inbox. Whether they are being asked to click a link or pay a bill in an unexpected way from a vendor that they trust, employees must be comfortable questioning everything that is the least bit out of the ordinary.

Having the right processes and training in place are the best defenses against the aggressive cyberattacks that happen on a regular basis. Having a trusted partner that is actively monitoring your email, data storage and security applications can help reduce the possibility of extensive damage to your organization. Contact the professionals at Colorado Computer Support today at 719-439-0599 or chat online with a specialist to get quick answers to your cybersecurity questions.