We, at Matrix, have had an increase in tickets in the last week identifying potential phishing or fraudulent attacks delivered via email.
The aim of this article is to provide you with best practice for minimising these attacks on you and your staff and, more importantly, for retraining users on what to look out for.
If we can be of any more assistance with training or with implementing the following technologies, please contact us at [email protected].
Multi Factor Authentication (MFA)
Put simply, MFA combines something you have (your phone) with something you know (your password). By combining the two, Microsoft can better authenticate your logon. Most phishing scams extract your password, and hackers then emulate your logon to access emails and data or to carry out fraudulent activity.
MFA is very simple to implement and use. The only additional requirement when logging into the system is to click ‘Approve’ on your phone. Consequently, if your phone asks you to ‘Approve or Deny’ a login randomly, it is likely someone else has your username and password. If this is the case, call Matrix immediately and we will disable / change your logon credentials for you, ensuring your data remains safe and secure.
Email filtering – Advanced Threat Protection (ATP) / Artificial Intelligence (AI)
Most phishing and fraudulent activity is driven through an email scam. We provide two products. The first carries out ATP, scanning attachments and links to detect zero-day and known threats.
The second is our Sentinel product. Using Artificial Intelligence (AI), we are able to scan your email accounts and create known interactions, identifying the most complex of subsequent scam emails.
What it means in plain English is you will vastly reduce suspect email in your inbox, removing user interaction and the potential threat.
The biggest threat – you
The biggest data breach threat is the person reading this post. Users pose a threat to systems because they (we) use them. Even with the risk minimised, if that email lands in your inbox you need to think ‘SETH’ first.
Stop – Take 5-10 seconds and look at the email, don’t skim over and click on the instruction – PAUSE
Evaluate – Are you expecting an attachment, email, shared document, parcel from China?
Think – Do you know the sender? Does it look suspect? Is something not quite right about it?
Hover – Move your mouse over the link: does it go to ‘http://somewhere.random.com’ or to your company Microsoft link? Check it against your SharePoint link.
Spending 30 seconds considering whether the email is legitimate could save the business £1000s in lost revenue or data leakage. If in doubt, contact us for a second opinion; better to be safe.
Matrix can offer simulated phishing email attacks, providing your users with real life examples and training on future prevention. Each simulation will identify a user training requirement and provide them with suitable courses for improvement dependent upon their interaction with the simulation.
What to look out for
Below are two examples of emails received this week.
Have any more questions or interested in the above products? Let us know by email [email protected] or call us on 01329 888 444.