When you receive emails from someone you know or an organization with which you have been doing business, your defenses are usually lower. You have known this person for a long time, or you have been dealing with that company for years. Maybe it is a brand that elicits trust: Microsoft, Amazon, Apple, Verizon, etc.
However, are you sure that the person who sent that email is indeed who you think it is? Is it Sally whom you have talked to, whose son plays high school basketball and is preparing for graduation? Poor Sally sure is gonna miss him when he heads off to college. She says in her email that she needs you to resend your company’s account info for an internal audit they’re undergoing, and you know she’s been stressed about it.
Are you sure that the alert email came from Amazon? It says an order was placed on your account for 5 new iPhones, and they are checking to be sure you ordered them before they charged your credit card. It’s great that Amazon knows your buying habits and is trying to protect you. The email provides a link to easily click on and enter your credentials to submit a response that you did NOT order those phones and to ensure they do not charge your credit card on file. Whew! That was a close one.
You can sleep well tonight. You helped Sally through her company audit. She’s dealing with the stress of an empty nest, and this audit must be tough for her. You’re glad you could help her out. She is a lovely lady. And thank goodness the folks at Amazon are watching out for you. The charge for 5 new iPhones would have probably maxed out your credit card, and you would never have known until you got the bill – and no iPhones.
Except you don’t sleep well because you have nightmares. When you wake up, you realize it was not a dream. You suddenly get a sick feeling that something may not be correct. As soon as you get to the office, you call Sally. That email was not from her. Then, who did you send your company’s account information to? While your company CISO and her security team are tracking that down, you step outside and call Amazon to ask about that charge they emailed you about. Your stomach sinks again when they tell you that there was no charge and that they did not send that email. However, there have been some new charges this morning. But you know it wasn’t you.
The moral of the story is that you never know who is on the other end of an email. Phishing emails from people or companies you have never heard of or worked with before are easy to spot as fake. The toughest to spot are those pretending to be someone you know or trust.
Don’t be afraid to double-check. Call Sally when you get an email asking for information that would harm your company if you sent it to someone other than her. If you need to log in to a site because of an email, don’t trust the link they send you. Go to the site the way you usually would. Use the app you always use.
We have become so accustomed to the convenience of text messaging, emails, and all things automation that we allow ourselves to be tricked into becoming a victim. Take that extra minute. In the long run, it can save you many hours, money, trouble, and maybe even your job.
At Commonwealth Sentinel, we can evaluate your existing IT security and work with your team to improve it. We can also provide a complete source of services. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.