I was targeted today by a phishing email
Not that this in itself is unusual – I’ve gotten many of these emails trying to trick me into clicking a malicious link or opening an infected file. However, I received this particular email this morning from a person at a firm that I’ve been working with. Clearly someone hijacked his email. An hour later, I got another email from him apologizing that his email had been hacked. Do I understand what happened? Yes, he was probably hacked through some phishing email he received. I appreciated his apology and warning not to open the file. If I had been fooled or simply careless, I might have clicked the link already and the warning would have been too late. Luckily, this particular phishing email was pretty easy to spot. Others are not.
His firm is in finance and they’re interested in working with us. Would I now work with this firm? I have to admit I’m a little more hesitant now. I’m sure the firm’s IT group is busy locking things down, focusing on more employee training, and beefing up its defenses. At least I hope it’s doing this. But the damage is done – my confidence has been eroded. This isn’t a death sentence and if they demonstrate they’ve addressed these security issues maybe I’ll give them another chance. But in today’s competitive environment, it is just one more tick in the “cons” column against working with them. And it’s a perfectly honest mistake. The phishing emails these days are more sophisticated, more realistic, and more devastating. It happens.
How do you minimize the chances you’ll be a victim of this type of hack? (Notice I didn’t say “prevent” because that’s nearly impossible these days.) In many cases, all the firewalls, anti-virus engines, and IDS/IDP systems in the world can’t stop a person from accidentally opening a malicious link or file. I think educating and training employees is high on the list of ways to improve your security posture. Our Cybersecurity team is ready to help companies assess their vulnerabilities, understand the current and future threat landscape, and train employees to be more aware of the social engineering tricks that can trip them up. We specialize in small and medium enterprises that are looking for help while staying within a reasonable budget. These days, it’s harder and harder to avoid these attacks – but preparation and knowledge are the best ways you can protect yourself and avoid becoming an easy target.
Click the following link to learn more about Biscom’s Cybersecurity Consulting.