Recently, at BeCloud, we have noticed an uptick in spam and phishing emails. According to the cybersecurity firm Proofpoint, 57% of organizations experienced a successful phishing attack in 2020. And it was universal! Whether you are using a free Gmail account or a paid Microsoft 365 subscription, your mailbox is under attack. Frightening, right?!
Why do hackers do this, and what do they stand to gain from it?
What some people will do for money is senseless. In a nutshell, cybercriminals are in it for money. They are monetizing email accounts. They can often use compromised email accounts to access bank account information, credit cards and other personal information. These malicious actors use impersonation techniques to trick users into handing over sensitive data and passwords to exploit you and your associates.
Unfortunately, our BeCloud Team has seen a couple of examples firsthand.
Yes, we have seen it happen multiple times. Cybercriminals are now using sophisticated social engineering and impersonation techniques to trick users. For instance, we had an intern receive an email impersonating BeCloud's CEO requesting that the intern immediately purchase Apple gift cards and mail them to an address. The employee followed through with the request and it caused the employee to lose money because once they bought the gift cards, they could not get their money back. Slick, very slick!
In another instance, we had a client receive an email, as if it came from Microsoft, which advised them to change their email password immediately. Like many people, the client followed through with the request. When the user attempted to change the password, the website discreetly recorded the original email password. With the registered password, hackers gained control of the mailbox. Once the mailbox was compromised, hackers sent emails to other users to solicit money. Do you see how easily unsolicited emails can compromise your privacy and potentially cause you to lose money?
How can you protect yourself in 5 simple steps?
- Glad you asked. Never trust unsolicited emails. Verify that the From address, not just the display name, belongs to the person the email claims to come from. If the email has misspelled words or does not sound like an email you would typically get, verify before taking any action.
- Utilize images of your email address instead of text on your website. Robots scan websites for email addresses. Before posting your personal or primary business email address, utilize a picture because that is harder for robots to read.
- Limit where you publish your email – If possible, don't publish your main email addresses. Utilize free email or general mailboxes for website logins, etc.
- Enable two-factor authentication on your mailbox account.
- Mark email as spam; don't just delete it - when you mark an email as spam, it helps the spam detection software identify unsolicited email more easily.
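The first step above (check the From address, not just the display name) can also be automated by a mail administrator. The following Python sketch is an added example, not BeCloud's own tooling; the domain `example.com`, the name "Jane Doe" and the sample messages are constructed assumptions.

```python
from email import message_from_string, policy

# Assumed values for illustration (constructed, not from the article).
TRUSTED_DOMAINS = {"example.com"}   # domains your organization really sends from
PROTECTED_NAMES = {"jane doe"}      # people likely to be impersonated, e.g. the CEO

def check_sender(raw_message):
    """Return a list of warnings about the sender headers of one raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_hdr = msg["From"]
    if from_hdr is None or not from_hdr.addresses:
        return ["missing or unparseable From header"]
    sender = from_hdr.addresses[0]
    display = " ".join(sender.display_name.lower().split())
    from_domain = sender.domain.lower()
    warnings = []
    # A trusted person's name on an address outside the organization's domains.
    if display in PROTECTED_NAMES and from_domain not in TRUSTED_DOMAINS:
        warnings.append("protected display name on external address " + sender.addr_spec)
    # A display name that is itself an address can hide the real sender.
    if "@" in display and display.rsplit("@", 1)[-1] != from_domain:
        warnings.append("display name shows a different address than " + sender.addr_spec)
    # Replies silently routed to another domain.
    reply_hdr = msg["Reply-To"]
    for reply in (reply_hdr.addresses if reply_hdr is not None else ()):
        if reply.domain.lower() != from_domain:
            warnings.append("Reply-To points to a different domain: " + reply.addr_spec)
    return warnings

# Constructed sample messages.
SPOOFED_CEO = ("From: Jane Doe <jane.doe.ceo@freemail.test>\n"
               "Subject: Urgent request\n\nAre you at your desk?\n")
GENUINE = ("From: Jane Doe <jane.doe@example.com>\n"
           "Subject: Team meeting\n\nSee you at 10.\n")
HIDDEN_ADDRESS = ('From: "jane.doe@example.com" <billing@mail-example.test>\n'
                  "Reply-To: pay@other.test\n"
                  "Subject: Invoice\n\nPlease review.\n")

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED_CEO), ("genuine", GENUINE),
                       ("hidden", HIDDEN_ADDRESS)]:
        print(label, check_sender(raw))
```

A differing Reply-To domain also occurs with legitimate mailing lists, so treat these warnings as a prompt to verify the sender rather than as proof of phishing.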
Phishing and spoofing have been on the increase for the last several months. You can contact BeCloud directly if you have a question about an email. Also, consider using two-factor authentication; give us a call if you have questions about that.