

Seeing that warning can remind you to stop and think before responding. Making a phone call to the organization president or perceived sender will ensure that the email sender is who they say they are. Scam emails usually sound urgent to get you to engage, asking things like, “Are you available for a quick task?” One final proactive measure I recommend is to regularly educate employees on spam and phishing email trends, as well as requesting that employees notify a supervisor or IT leader when a phishing email is seen.

Falling victim to phishing

Image Credit: TechRadar

If you find that a member at your organization has fallen for or responded to a targeted phishing email, do not panic. Begin handling the incident with a fact-finding mission to determine how large or widespread the event might be. Searching your email firewall logs could give you more insight into any other users that may have received or responded to the message. Was this isolated to one individual, or is it possible that others responded to a similar message? Often, similar messages will be sent to a wide variety of employee email addresses. The information is usually pulled from LinkedIn, where scammers search for companies and target users with specific job titles who are more likely to expect and respond to a message from the president of the organization. If an end user sent an initial response, the criminal is now ready to begin the real work, trying to extract value out of the interaction. The “value” could be anything from critical or proprietary business information, information to help them further their attack, or in most cases, money. Luckily, many of these criminals aren’t very savvy in their techniques, and most employees will be able to spot the odd response they get, usually with poorly chosen words or strange requests.
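The fact-finding step above, searching the mail gateway logs to learn who else received the impersonation message and who replied to it, is shown here as an added example; it is not code from the original article. It assumes a hypothetical key=value log format and constructed sample lines (no real data), and flags an inbound message as executive impersonation when the display name matches a known executive but the sending address is outside the organization's own domain. Anyone who sent an outbound reply to the attacker's reply-to address is listed as a responder, which is the list the incident handler needs first.

```python
"""Scope a suspected executive-impersonation phish from mail-gateway logs."""
import re
from collections import defaultdict
from email.utils import parseaddr

# Constructed sample log lines in a hypothetical space-separated key=value format
# (values containing spaces are double-quoted). Not real data.
SAMPLE_LOG = """\
ts=2024-03-04T08:01:12Z dir=inbound from="Jane Doe <jane.doe.ceo@gmail.com>" reply_to="jane.doe.ceo@gmail.com" to="alice@example.com" subject="Quick task" action=deliver
ts=2024-03-04T08:01:13Z dir=inbound from="Jane Doe <jane.doe.ceo@gmail.com>" reply_to="jane.doe.ceo@gmail.com" to="bob@example.com" subject="Quick task" action=deliver
ts=2024-03-04T08:01:14Z dir=inbound from="Jane Doe <jane.doe.ceo@gmail.com>" reply_to="jane.doe.ceo@gmail.com" to="carol@example.com" subject="Are you available?" action=quarantine
ts=2024-03-04T08:05:40Z dir=inbound from="Jane Doe <jane.doe@example.com>" reply_to="" to="dave@example.com" subject="Board deck" action=deliver
ts=2024-03-04T08:12:02Z dir=outbound from="bob@example.com" reply_to="" to="jane.doe.ceo@gmail.com" subject="Re: Quick task" action=deliver
ts=2024-03-04T09:30:00Z dir=inbound from="Newsletter <news@vendor.example.net>" reply_to="" to="alice@example.com" subject="March update" action=deliver
"""

# key=value pairs; a value is either a double-quoted string or a run of non-spaces.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Turn one log line into a dict of field -> value (quotes stripped)."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if value.startswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def is_impersonation(entry, executives, internal_domain):
    """Inbound mail whose display name is an executive's but whose address
    is not in the organization's domain (the classic CEO-fraud pattern)."""
    if entry.get("dir") != "inbound":
        return False
    name, addr = parseaddr(entry.get("from", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name.strip().lower() in executives and domain != internal_domain.lower()


def scope_incident(log_text, executives, internal_domain):
    """Return who was targeted, who was protected by the gateway, and who replied."""
    entries = parse_log(log_text)
    execs = {e.lower() for e in executives}
    suspicious = [e for e in entries if is_impersonation(e, execs, internal_domain)]

    # The attacker collects replies at the Reply-To address when set, else at From.
    attacker_addrs = set()
    recipients = defaultdict(set)  # gateway action -> recipient addresses
    for e in suspicious:
        _, from_addr = parseaddr(e["from"])
        attacker_addrs.add((e.get("reply_to") or from_addr).lower())
        recipients[e.get("action", "unknown")].add(e["to"].lower())

    # Anyone whose outbound mail went to an attacker address has engaged.
    responders = sorted(
        e["from"].lower()
        for e in entries
        if e.get("dir") == "outbound" and e.get("to", "").lower() in attacker_addrs
    )
    return {
        "attacker_addresses": sorted(attacker_addrs),
        "delivered_to": sorted(recipients.get("deliver", ())),
        "blocked_for": sorted(recipients.get("quarantine", ())),
        "responded": responders,
    }


if __name__ == "__main__":
    # "Jane Doe" and example.com are assumed values for the executive name and
    # the organization's mail domain.
    for key, value in scope_incident(SAMPLE_LOG, ["Jane Doe"], "example.com").items():
        print(f"{key}: {value}")
```

Run against the constructed sample, the script reports one attacker address, two users who had the message delivered, one whose copy the gateway quarantined, and one user (bob) who replied; the legitimate message from the executive's real address and the unrelated newsletter are not flagged. Swap `parse_line` for the parser matching your gateway's export format and feed it the real log window around the report.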
