Chances are that you’ve received a phishing email in your inbox, but did you know at that time that it was fraudulent?

Phishing emails are an attempt to trick individuals into sharing personal and sensitive information, usually login credentials and sometimes financial information. The attempt typically involves a crafted email with hyperlinks to a website intentionally created to collect information from unsuspecting victims. An attacker may be sending out a generic phishing email to a large number of individuals in order to compromise unwary recipients, or he or she may be targeting you or your organization specifically known as “spear phishing” due to the focused nature of the attempt.

What's the difference between phishing and "spear phishing"? For spear phishing, the attacker will research details about you and your organization to find valid names and information about you to use such as project and organization names. The attacker may have even compromised the account of someone you do business with so they can craft emails from their account.

Here are tips on identifying phishing emails and what steps to take to protect yourself

Think Before You Click

• Always be careful before clicking on any content in an email, including links and attachments.
• Hover over the URL (or long-press on a mobile device) to double check its destination before clicking. If it doesn't match, that's a red flag.
• In some cases, a single click is all that is required for your machine to be compromised.
• Double check the sender's information: the domain name, recipient list, subject line, message, etc.

Keep an Eye on Shared Documents

• Invitations to view shared documents are a common way to get you to click. Again, double check the sender. For example, on Office 365, legitimate sharing messages will come from either msonlineservicesteam@email.microsfotonline.com, or the email of the person sharing the document.

Know Your URLs

• Never enter your Office 365 account credentials on anything other than the actual Office 365 login page. Look closely at the URL bar. Here is what it looks like:

Report Anything That Looks Phishy

• Set up the Office 365 spam filter to identify and block specific recipients. You can also report junk email and phishing scams.
• Set up Microsoft Defender so unwanted malicious emails never make their way to your inbox

If the email appears to be directly targeting your organization in some way, or you’re just not sure if it is safe, here are a few tips to follow:

• If the purported sender is someone you know, contact him or her directly to verify if he or she sent the email. Contact this person through a method other than email. If his or her email account has been compromised, an imposter can simply reply in the affirmative to any email response you send.
• Forward a copy of the email to your organization’s security team or IT help desk so they can help assess and respond to the situation.

Did You Fall For It?

• If you believe you may have fallen victim and provided your account credentials or other sensitive information through a phishing site, please report it immediately. Your support or incident response team will walk you through the steps you should take, including changing your password and looking for suspicious activity on your account.

Arm Yourself with These Tools

• Don’t reuse your Office 365 account (or any other important account) password on other sites. Multi-factor authentication on Office 365 accounts makes it harder for an attacker to access your account, but it doesn’t prevent them from using that password to access other accounts where the same password may be used. Having trouble keeping track of more than one password? You’re not alone. Use a password manager!

Attackers and hackers are getting more creative with their attack strategies. Stay prepared and always err on the side of caution.

[vc_row][vc_column][vc_column_text]

3 things businesses can learn about email security from the Panama Papers hack

As written on blogs.office.com

In today’s IT environment, data breaches are a constant threat. According to Gemalto’s 2015 Breach Level Index, last year 1,673 data breaches around the world led to 707 million data records being compromised. And though email has come a long way over the last decade, it’s still one of the greatest threats to data security.

We don’t have to look far to see what kind of damage hackers can do when a business does not ensure secure email. In what’s being called “the biggest leak in whistleblower history,” the Panama Papers hack made international headlines last month. This hack enabled 2.6 TB of data to be stolen through the email servers of Mossack Fonseca, a legal firm based in Panama City.

The stolen data gave information about offshore bank accounts and shell companies used by prominent people worldwide to avoid taxes or conceal their wealth, according to “The New York Times.” The hacker then communicated with a German newspaper regarding the confidential files, expressing his or her interest in exposing the data. Once the newspaper realized how much data was involved, it contacted the International Consortium of Investigative Journalists, which has coordinated other tax haven mega-leaks in the past. Together, they released the information to the public.

So how did the hacker get access to the legal firm’s email servers in the first place? According to ITPro, security and privacy expert Christopher Soghoian ran a test showing Mossack Fonseca did not follow Transport Layer Security (TLS) protocols for email encryption. Whether you believe the Panama Papers leak was a good or bad thing, a more important question remains: What can IT security professionals learn from this?

Here are three tips for ensuring secure email:

1. Encrypt important emails—When email encryption is not part of a business’s security measures, hackers can easily intercept emails and read them. Any information contained in these emails or attachments can help hackers gain further access into a company’s network.

2. Create a business culture of security—Be sure that all employees are aware of the risks of lax data security and help them recognize suspicious requests and phishing schemes. Hacks often occur because a hacker finds just one “in” that leaves the network vulnerable. This “in” can be as simple as a stolen email or portal password. Hackers can then send emails from an internal account and make IT requests that sound legitimate. From there, they can potentially breach the email server and obtain access to all incoming and outgoing attachments, burrowing deeper into the network until they’ve reached the information they want to find.

3. Choose a secure email service with impressive security features—This means selecting a service that promotes business communication while actively protecting sensitive information. It should have built-in defenses against viruses, spam and phishing attacks. Deep content analysis should identify, monitor and protect data, thereby preventing data loss.

4. Don’t let your organization become one of 2016’s data casualties.—Do everything possible to avoid Mossack Fonseca’s fate and protect your, and your customers’, sensitive information through top-notch email security.

Get more out of your email to help grow your business. Tour the new Office 365 capabilities including Advanced Threat Protection, real-time protection for your messaging system against malware, viruses and malicious URLs.

[/vc_column_text][/vc_column][/vc_row]