All posts by : Tiedata

Phishing attacks are all too common in the world. Cyber-security is one of the top priorities for all business owners worldwide, particularly in light of lockdown measures resulting in more people working from home. Keeping your emails, data, employees and clients informed and safe is absolutely crucial.

Verizon Data Breach Investigations found that last year, 94% of malware was sent via email. How confident are you that 100% of your employees can accurately identify a phishing email? Keeping informed about phishing techniques is the key to preventing attacks.

Here are 5 ways to help you identify a phishing email:

1.  Suspicious Attachments & Links

Identifying phishing emails can be tricky, as they come in many forms and appearances. However, the one thing they all have in common is that they contain a payload. A payload is the button/download that the attacker wants you to click on in the email. We’ve all heard ‘don’t open any suspicious links!’ before, but when the link doesn’t look too suspicious, all it takes is a split-second decision to release the infected attachments or links.

Many payloads lead to websites that hope to obtain sensitive data/information. Usually, attachments are the worst to open, as they are often infected with malware. Unfortunately, attachments are also some of the easiest attacks to disguise as they can easily be made to look like a legitimate PDF or document.

Top tip: Never download or open any attachment you are unsure of

2.  Poor Spelling and Grammar

We all remember being told in English Language that grammar is important! Well, funnily enough when it comes to phishing emails… it can be a great indicator that something is wrong.

It is commonly thought that cyber criminals use grammatical errors intentionally in an attempt to target more gullible people. This might sound harsh, but the reality is that they believe if someone is unable to identify grammatical mistakes, they might not be paying a lot of attention to detail and will be less likely to notice the warning signs of a cyber-attack.

This is just a theory of course, but better safe than sorry! It’s worth mentioning this element of phishing emails as it is a very common occurrence, especially as many cyber-attacks come from locations where English is not their first language. Most scammers do not take to the time to carefully craft well-worded emails and documents like a professional organisation would.

Top tip: Look for grammatical mistakes, not spelling mistakes!

When creating phishing emails, attackers will often use a spellchecker or translation machine, which will give them all the right words but not necessarily in the right context.

3.  The Sent Address is from a Public Domain

Every legitimate organisation will have its own domain when it comes to emails. This is a really quick and easy way for you to identify fake email addresses. For example, no business will contact you requesting personal data from a “@gmail.com” email address, or any other public domain (except some small sole traders perhaps).

Well established organisations will usually send email from a public domain that is the same as the sender name. For example, Apple will email you from “@apple.com” or about your iCloud from “@icloud.com”.

If you’re not 100% sure whether the email is safe, you can always search online for the domain name of the organisation to clarify from a reliable source whether the email you’ve received is real.

Top tip: Look at the email address, not just the sender

Especially if you are viewing on a mobile, always check the full sent from address and not just the name of the sender, this can give away the fraudulent domain hiding behind a trustworthy business name.

4.  Misspelled Domain Name

As well as checking that your email is from a public domain, it is also important to double check the sender’s name for any misspelling. These clues can be a little more subtle and hard to identify, but it’s worth the time to take a second look.  

Domain names can be bought by anyone, and although they all have to be unique, scammers intentionally choose names that are similar to those of a trusted organisation. Anyone can buy a domain name.  For example, an email from info@apple.uk.com could be quite hard at first glance to distinguish from the real info@apple.com

You might feel very confident in your ability to screen for false domain names while you’re reading this – but unfortunately even the best of us slip up from time to time. When you are in the middle of a busy working day, looking at your 1000^th email of the day, it’s an easy mistake to make!

5.  A Sense of Urgency

Cyber-criminals know that you are busy, and that you might (occasionally) procrastinate. Juggling hundreds of emails with varying priorities often means that email get ignored for a little while. This is something that hackers want to avoid as it will give you longer to reflect on the content, and perhaps even come back to it with a fresh pair of eyes.

Scammers want you to act immediately so that you don’t have as much time to consider your actions. You will find that the majority of phishing efforts place an emphasis on urgent action, immediate reward, or instant results e.g. “you will receive a call within one hour to confirm your deal, but the deal ends at 4pm”.

In the workplace, your employees are likely to drop everything if an email posing as a boss or an industry professional comes their way telling them to “act now”. Creating a cyber-security aware culture in your workplace is crucial in preventing the success of this kind of attack. If your employees feel safe to raise concern about any suspicions they have (even if it looks like it’s from a boss!) then they could prevent a scam, rather than being too afraid to have the awkward conversation.

We hope that these tips will help your business to decrease the likelihood of a cyber-attack. Maintaining a vigilant approach to cyber security is so important for every business. Ensuring that your employees, users and clients are educated and aware, will help to create a culture of safety in your workplace.

There is so much more to consider when protecting your users with sufficient security. Chat to us today to find out how you can keep ahead of the curb, and out of harm’s way.

Cyber criminals thrive on human error. Email is a great way for them to exploit it: criminals have a direct line to a vulnerable part of any organisation’s security. So if a workforce isn’t aware of email security best practices, their business is living on the edge. Beyond simply installing a firewall, there are various measures CIOs and IT professionals can take to minimise risk. Let’s take a look below…

Blacklists and whitelists

You might as well start with what you know. Place any known cyber threats and spammers on a list. Do likewise for known, trusted domains. This is probably the simplest way of keeping the bad guys out and letting the good guys in.

Use a good spam filter

This will weed out the most obvious attempts to enter an employee inbox. Granted, even with a good filter in place, plenty will still get through. But this will minimise the scope for casual employee clicks spelling disaster. Impress on employees to never reply or click “unsubscribe” as that will confirm the address as legitimate to the spammer.

Beware of phishing emails

Malicious emails that do beat the spam filter will very often be phishing. Such emails usually contain a link to a familiar site. E.g. Pay Pal. This site will be fake and ask the victim to enter personal information. Training employees to spot and ignore phishing scams is the number one response to this. In addition, a “simulated phishing attack” could also help. Essentially a fake attack designed to test employee knowledge and show those who fail it the correct course of action.

Anti-virus and anti-malware scans

You can’t trash any email that looks unfamiliar. Then you’d likely be ditching legit items you want to see. Antivirus and anti-malware email security should be installed on top of a spam filter. This will scan all emails and attachments and alert an employee if there’s reason for concern.

Password Best Practice

Another easy win is creating strong, hard to guess passwords. I.e. abstract word and number combinations. Couple that with multi-factor authentication. This makes password logins require credentials on top of a username and password. Fingerprint scanning, facial recognition, security question etc.

Avoid public WiFi for email access

Your typical WiFi hotspot is not run by an IT professional. Security is thus, lacking. Yes, boycotting public WiFi can be easier said than done. So, if 100% necessary, consider using encryption software.

In many ways, a business’s security is only as strong as its weakest employee. So underpinning the above is sufficient education and training. This will make the first line of defence – humans – less prone to human error. Still, no strategy is foolproof. One final consideration is the frequent and automatic backup of all company data. This way, when threatened by a ransomware attack, a business can simply wipe and restore.

To discuss email security further speak to a member of the Tiedata team today.

Security Awareness Training is crucial during remote working. There has never been a more important time for organisations to adopt a cyber secure working culture than now.

Reduce the cost of your mobile office

At Tiedata we are working to do all we can to help our customers’ businesses continue to run smoothly during these uncertain and challenging times.  

Many organisations are now providing remote working solutions for their employees, a challenge in itself, while still functioning as normal and without incurring additional costs.  

To help relieve a little of the financial burden, Tiedata are now offering our Cloudya cloud telephony solution free for two months* on all new cloud telephony systems.

Key benefits of a cloud telephony solution include: 

• Mobile Office  – Access all your employees from one number, across multiple devices, wherever they are with extension to extension dialling.   
• Reduce Costs  – No additional maintenance costs, lower fixed costs, reduced call costs 
• Easy Set-Up  – Deploy the system with ease, also available for remote configuration  
• Proven Reliability  – Resilient architecture, with 24/7 support included 
• Future–Proof  – Unaffected by the ISDN switch off 
• Microsoft Teams 365  Compatible – Stay connected with an enterprise level voice solution within Microsoft Teams. 
• Easy Billing – Pay per user per month, once the initial 2-month offer ends 

Speak to a member of the Tiedata team today to take advantage of this offer! 

*For the first 2 months after signing the contract, there will be no per user subscription costs, cost will be levied for your initial set up fee, any call costs, fixed minute bundles, Add-on services (i.e. call recording) and one-time number transfer fees. Offer ends 30^th April 2020. 

Our ¨Getting Started with Teams” is our first in this video series of how to get up and running with Microsoft Teams. This video is ideal for beginners and those who haven’t had any formal training and would like to know the basics as well as tips and tricks on the essentials of the tool.

We are planning to release four further videos in this series which will be posted to our blog soon.

Thank you for watching and if you would like any further information on how to get up and running with Microsoft Teams or how to receive further training please don’t hesitate to contact our team.