Tips for Identifying Phishing Emails in Office 365

Chances are that you’ve received a phishing email in your inbox, but did you know at that time that it was fraudulent?

Phishing emails are an attempt to trick individuals into sharing personal and sensitive information, usually login credentials and sometimes financial information. The attempt typically involves a crafted email with hyperlinks to a website intentionally created to collect information from unsuspecting victims. An attacker may be sending out a generic phishing email to a large number of individuals in order to compromise unwary recipients, or he or she may be targeting you or your organization specifically known as “spear phishing” due to the focused nature of the attempt.

What's the difference between phishing and "spear phishing"? For spear phishing, the attacker will research details about you and your organization to find valid names and information about you to use such as project and organization names. The attacker may have even compromised the account of someone you do business with so they can craft emails from their account.

Here are tips on identifying phishing emails and what steps to take to protect yourself

Think Before You Click
Keep an Eye on Shared Documents
Know Your URLs
Report Anything That Looks Phishy
If the email appears to be directly targeting your organization in some way, or you’re just not sure if it is safe, here are a few tips to follow:
Did You Fall For It?
Arm Yourself with These Tools

Attackers and hackers are getting more creative with their attack strategies. Stay prepared and always err on the side of caution.

 

3 things businesses can learn about email security from the Panama Papers hack

[vc_row][vc_column][vc_column_text]

3 things businesses can learn about email security from the Panama Papers hack

As written on blogs.office.com
In today’s IT environment, data breaches are a constant threat. According to Gemalto’s 2015 Breach Level Index, last year 1,673 data breaches around the world led to 707 million data records being compromised. And though email has come a long way over the last decade, it’s still one of the greatest threats to data security.
We don’t have to look far to see what kind of damage hackers can do when a business does not ensure secure email. In what’s being called “the biggest leak in whistleblower history,” the Panama Papers hack made international headlines last month. This hack enabled 2.6 TB of data to be stolen through the email servers of Mossack Fonseca, a legal firm based in Panama City.
The stolen data gave information about offshore bank accounts and shell companies used by prominent people worldwide to avoid taxes or conceal their wealth, according to “The New York Times.” The hacker then communicated with a German newspaper regarding the confidential files, expressing his or her interest in exposing the data. Once the newspaper realized how much data was involved, it contacted the International Consortium of Investigative Journalists, which has coordinated other tax haven mega-leaks in the past. Together, they released the information to the public.
So how did the hacker get access to the legal firm’s email servers in the first place? According to ITPro, security and privacy expert Christopher Soghoian ran a test showing Mossack Fonseca did not follow Transport Layer Security (TLS) protocols for email encryption. Whether you believe the Panama Papers leak was a good or bad thing, a more important question remains: What can IT security professionals learn from this?
Here are three tips for ensuring secure email:
  1. Encrypt important emails—When email encryption is not part of a business’s security measures, hackers can easily intercept emails and read them. Any information contained in these emails or attachments can help hackers gain further access into a company’s network.
  2. Create a business culture of security—Be sure that all employees are aware of the risks of lax data security and help them recognize suspicious requests and phishing schemes. Hacks often occur because a hacker finds just one “in” that leaves the network vulnerable. This “in” can be as simple as a stolen email or portal password. Hackers can then send emails from an internal account and make IT requests that sound legitimate. From there, they can potentially breach the email server and obtain access to all incoming and outgoing attachments, burrowing deeper into the network until they’ve reached the information they want to find.
  3. Choose a secure email service with impressive security features—This means selecting a service that promotes business communication while actively protecting sensitive information. It should have built-in defenses against viruses, spam and phishing attacks. Deep content analysis should identify, monitor and protect data, thereby preventing data loss.
  4. Don’t let your organization become one of 2016’s data casualties.—Do everything possible to avoid Mossack Fonseca’s fate and protect your, and your customers’, sensitive information through top-notch email security.
Get more out of your email to help grow your business. Tour the new Office 365 capabilities including Advanced Threat Protection, real-time protection for your messaging system against malware, viruses and malicious URLs.

[/vc_column_text][/vc_column][/vc_row]