I’m sure we can all agree. Technology is a great tool for our businesses and schools. It can make our lives easier in so many ways. However, there is a problem with information technology that can’t really be fixed. This is the problem of how easy it is to take advantage of someone over the internet. While this dilemma can’t be fixed or stopped completely, there is a way for you to protect your business, school, and/or your employees from being susceptible bait to criminal’s phishing emails.
So what is Phishing?
Phishing is the fraudulent practice of sending emails with the purpose of stealing sensitive information. This can happen by fraudsters sending an email with malicious links or attachments, or by outright asking for sensitive information or payment through the email text. Phishing is usually accomplished by the fraudster impersonating a trusted 3rd party. Unfortunately, the most common place for phishing to occur is in the workplace where sending and receiving emails happens so regularly, so often, and to so many people, that a spoofed email is easily overlooked. As an additional threat, when you receive email on a mobile device it often doesn’t show the whole email address of the sender. When this happens, you may only be able to see the contact’s name. If the fraudster is impersonating a trusted 3rd party, a phishing email can go unnoticed.
How are you a target?
As a working professional in a business or school, you may have access to a lot of sensitive information or have a company credit/debit card that puts you at a higher risk for accidentally exposing sensitive information or satisfying the fraudster’s request. In day to day duties, you may also frequently perform tasks in which you are required to enter personal or sensitive information. Opening spoofed emails or clicking malicious links could be the beginning of the road for fraudster tracking down that sensitive information and you may not even be aware that it is happening. This alone is reason enough to make sure you act proactively in preventing a security breach from happening in your business or the business your work for.
What you can do:
Our solution to combat this problem is to configure an external sender warning. This warning will appear ahead of the subject line every time an email is received from a source originating outside the specified domain. An external sender warning can be established for everyone within your domain. This will alert the user to a potential phishing threat. This warning will allow the user to use their own discretion when opening emails and serve as a reminder to take extra precautions when reading/opening an email with an external sender warning.
ITS advises you set this up (we can even help you) through your Gmail, Office 365, and/or Hosted Exchange settings. We recommend you take our advice as it will give you, your business/school, and your employees an extra layer of protection against a phishing scam.