We all read the news – impersonation-based cyber attacks are increasingly more common, sophisticated and targeted.
But what are the most common, and successful approaches that cyber criminals use to attack business like yours in the UK every day? Here are some of the most common impersonation attempts you should be on particular alert for, and make your users aware of.
Is it really your boss?
It’s never the best career move to ignore your boss, so who wouldn’t respond to a request from them? Many times, attackers don’t use complex tools or technology to try and trick you or your employee to wire money, send personal information, give up account credentials, etc. They simply research both you and your employees/manager by checking out social media accounts like Facebook, LinkedIn, or your company’s “About” section. From there, they craft the perfect email (or strings of emails) that legitimately appear to be sent from a trusted source. These messages typically do not contain malicious links or attachments, making them very difficult to detect with traditional email security solutions.
Impersonating popular business apps you use every day
Almost every business uses some sort of web-based application to help manage day-to-day workloads and tasks. Attackers are well aware of this and target trusted web services like Gmail or DocuSign as a way to lure unsuspecting victims. These attacks often try to get you to give up account credentials or click on malicious links. For example, you may receive an email informing you that you have unread messages, to reset your password, or to review or sign a document. From there, you’re taken to a fake website portal and accidentally give up your login information. These crooks will then use this to commit fraud or to launch a more targeted attack within your organisation.
Impersonating your Office 365 account
Most businesses use Microsoft’s popular cloud productivity service; however, familiarity can sometimes be a bad thing. There’s an inherent trust from users when they see an email directly from Office 365, and attackers are capitalising on this trust. They craft emails that ask you to log into a seemingly “valid” web portal. From there, they can gain access to your account and proceed to send malicious emails to your co-workers. What do these particular emails usually contain? You guessed it—a message asking for more sensitive company information or money. Even though Microsoft Office 365 is still a relatively new tool, attackers recognise that it houses a rather large and growing user base, so they plan on taking full advantage.
Secure your business
While we’ve all seen the headlines of data breaches such as British Airlines and Marriott, don’t be lulled into thinking that small and medium sized business aren’t also at risk.
Email is the leading source of modern cyber-threats which makes selecting the right enterprise email security is critical to your business success – this is vital even if you’re using Microsoft Office 365 as we discuss here.
Don’t miss what Forrester Research is saying about enterprise email security – Barracuda has been named a leader in the recent Forrester Wave Enterprise Email Security report.
Request your copy of the complimentary report now to read more!
How can I find out more?
As Barracuda Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.
To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.