Yesterday, February 12th, a new Microsoft Office exploit was revealed which allows hackers to use a backdoor to install malware that logs keypresses, steals passwords, and even cryptocurrency wallets.
According to the release, the vulnerability lies with the Windows Installer service as a tunnel that hackers have found a way to dig through. The only hurdle is the user would have to open an infected email and download an attachment file with hidden infected code. It’s a classic phishing attempt involving tricking the victim to “confirm a payment they made to the sender.”
This kind of phishing attempt seems rather apparent to not click on, or especially download. Right into the trash, it goes! However, not everyone has had the proper training, experience, or computer knowledge to identify such a brute phishing attempt. According to the Anti-Phishing Working Group, hundreds of thousands of phishing attempts get reported every month, and thousands (yes, thousands) of people fall for even the easiest ones to avoid.
Many email threats have evolved from basic spam and phishing to highly sophisticated attacks. Traditional email security offers rudimentary defenses against these targeted attacks which is why the best spam filter is you! By learning and teaching others to identify phishing emails and not to download attachments in emails from unknown sources, users will be able to prevent their systems from being compromised by malicious software.
Do not to click on links in sketchy emails.
For most people, this is a given, but even savvy individuals can be fooled when off-guard. Links can look very, very similar to a legitimate domain link, but with red flags, if you can spot them. Sometimes a URL can have just one character different than the correct domain. Hovering your cursor over links that you are unsure of reveals the actual destination URL. Some of those links can redirect to a spoofed, or fake website that tries to steal login data if you attempt to log in. It also doesn’t hurt to listen to your gut. If something doesn’t feel right, chances are it isn’t and you should not follow the link.
Staff or personal training keeps everyone on thier toes.
Cybersecurity takes practice. We have found that when employees accomplish scheduled anti-phishing training, they are far better at avoiding phishing links. Employee email behavior can be corrected with proper education and security awareness. Your staff should eventually be reluctant to download attachments and click links, regardless of the sender.
Do not use personal email on a work computer.
But what if I have an expensive email firewall? Since security software typically tops out around 98% effectiveness, the human element of detection is extremely important. Even if your company has inbound email sandboxing for your corporate email, users might be clicking on a malicious link through a personal account such as Gmail. In that case, your corporate phishing protection software is unable to see the traffic. Everyone should be aware of the risks of using personal email accounts on expensive systems with potentially sensitive data. At work, it is good to stay skeptical about all aspects of email.
If you’ve got a throng of stubborn or gullible employees, let us take that hassle away from your growing company’s productivity.
Our first line of defense against email spam is on the firewall side. We deploy an email security gateway that manages and filters all inbound and outbound email traffic which protects organizations from email-based threats and data breaches. We are diligent in protecting against incoming malware, spam, phishing, and DDoS attacks so that business productivity isn’t impacted or compromised.
The next line of defense if it makes it past the firewall is our network email protection software. We use and recommend a quality antivirus product which enhances the built-in security of office tools such as Microsoft’s Office 365 and Google Apps by blocking malware, spam, ransomware, and other attacks with greater precision per PC. We keep the software up to date which stops new and evolving threats, which would usually evade traditional security software, by using advanced heuristics and impersonation controls. We can repel even the stealthiest email attacks!
The additional benefits of letting Smart Offices protect your users from sophisticated spear phishing attacks is with comprehensive link delivery evaluation. Data leakage can be a severe problem for many companies which is why we strive to keep your data secure and confidential using policy-based encryption controls. Using our services lets your business take advantage of the new and sophisticated machine learning that can detect even the sneakiest of phishing attempts. Learn more about our comprehensive plans.
