Cyber criminals tend to follow the path of least resistance. The easier it is to hurt businesses and take their money, the more businesses they can attack. It’s the ‘low hanging fruit’ principle.

The most common avenue of approach to effect any type of Cybersecurity breach is through email. The most common tactic used by cyber crooks is phishing – using deceptive emails which encourage the end user to click on a malicious link or attachment which releases the malware into the network.

No in-house IT support or outsourced Managed IT Services provider can prevent an employee from clicking on a malicious link or attachment – any more than a fireman can prevent someone from tossing a lit cigarette into dry weeds. It’s what happens after the fact that separates the IT support experts from the garden variety IT services ‘guys.’ A top-notch Managed Services Provider (MSP) will have it set up to isolate the intrusion in the originating workstation, wipe the computer clean and reinstall the data from any one of several reliable, protected backups – usually within a couple of hours.

No matter the cause, effect, or resolution of an attack, the undeniable fact remains that email is the river upon which almost all traffic (and cyber-crime) flows, and it’s not going to protect itself. Cooperation between an aware, concerned work force and the IT services provider is crucial.

According to the FBI’s 2021 annual Internet Crime Report, Business Email Compromise (BEC) is one of the fastest growing forms of cyber-attack – accounting for $2.4 billion in reported losses – up 28% from 2020.

What are BEC attacks?

BEC (Business Email Compromise) attacks are highly targeted, using a spear-phishing tactic that relies on familiarity with the ‘sender’ - name recognition which lulls the recipient(s) into a false sense of ease that the communication is legitimate – when it is not. These types of attacks require quite a bit more effort from the cybercriminal than other tactics, but when successful, the payoff tends to be significantly greater.

This specific form of attack involves the spoofing of email accounts belonging to key executives such as CEOs, CFOs, or a title recognized as possessing financial authority. BEC often involves compromised vendor emails, requests for W-2 information, or requests for large amounts of gift cards (a HUGE red flag – legitimate business does not generally involve itself with gift cards).
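The traits described above (an executive's name on a message, plus requests for gift cards or W-2 data) can be checked mechanically on inbound mail. The following is an added example, not code from this article or from IT Support LA; the company domain, executive names, finding labels and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; replace with your own organisation's data.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"pat morgan", "lee chen"}   # constructed names
RED_FLAG_TERMS = ("gift card", "w-2")     # request types named in the article

def _domain(address):
    return address.rpartition("@")[2].lower()

def _text(msg):
    # Collect text/plain parts, whether or not the message is multipart.
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = [p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
              for p in parts if p.get_content_type() == "text/plain"]
    return " ".join(" ".join(chunks).split()).lower()  # collapse line breaks

def bec_indicators(raw_message):
    """Return a list of BEC warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    findings = []
    # An executive's display name on an address outside the company domain.
    if display.strip().lower() in EXECUTIVES and _domain(addr) != COMPANY_DOMAIN:
        findings.append("exec-display-name-external-address")
    # Replies silently diverted to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != _domain(addr):
        findings.append("reply-to-domain-mismatch")
    content = (msg.get("Subject", "") + " " + _text(msg)).lower()
    findings += [f"red-flag-term:{t}" for t in RED_FLAG_TERMS if t in content]
    return findings

# Constructed sample messages.
SPOOFED = '''From: "Pat Morgan" <pat.morgan@example.net>
Reply-To: office@example.org
To: ap@example.com
Subject: Quick favor

I need you to buy gift
cards for a client today. Keep this between us.
'''
LEGIT = '''From: "Lee Chen" <lee.chen@example.com>
To: staff@example.com
Subject: Q3 planning

Agenda attached for Thursday.
'''
```

A message sent from a genuinely compromised executive or vendor mailbox passes the two header checks, so only the content check can fire in that case.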

How do I make my email secure?

The answer must be addressed in both the big picture and small picture arenas. Your IT Support does the heavy big picture lifting: Next generation firewalls, anti-virus (AV), spam filtering, and so forth. But, as noted, the small picture realm is populated by end-users – employees.

Even with the best intentions, just about any user can slip up. In the middle of a very busy day, an email shows up that looks like it’s from FedEx - but it isn’t – it’s spoofed (copied), has all the right logos and looks like any other FedEx email. It offers a link to check the tracking on your delivery. Maybe you have a package on its way, maybe you don’t, so you click to see what it is and your computer becomes infected.

Tips for ensuring that your own email is as secure as possible:
From Technology Safety (techsafety.org) – only the bullet points are included below; the comprehensive description is available on their site.

1) Use non-identifying information
2) Use a password known only to you
3) Use at least a two-step verification
4) Review security notifications
5) Use only secure devices
6) Always log in/out
7) Don’t let browser or mobile device remember your accounts/passwords
8) Be judicious as to who gets your email address

Some of the above tips are often ignored. One of the inherent challenges of strong Cybersecurity is that users often view things like logging in/out for every session as cumbersome and time consuming. Obviously, it’s easier to stay logged in if you can, but so is leaving your front door wide open when you go to bed instead of taking the time to close and lock it.

Here on the IT Support LA website, we provide useful tips that will help safeguard your system. Please take a look at Cybersecurity Strategy, Security Awareness Training, Cyber Security Dos and Don’ts and Creating Strong Passwords.

Frequently Asked Questions

Q: Can you tell if someone hacked your email?

A: There are tell-tale signs. One of the most common means by which hackers obtain your email information is through a data breach of the company that holds it. The obvious signs:

1) Your password has been changed and you cannot log in. Hackers sometimes do this to keep you out.
2) Unknown emails in your inbox. If suspicious, check for sent emails that you did not send.
3) Emails from your bank or credit card provider asking for verification of account information.
4) Friends and business associates ask you about strange emails they received from you – often spam.

Q: Is spear phishing more successful?

A: Spear phishing is far more successful than other phishing attacks. These attacks are more targeted, complex, and require a lot of work. The targets usually represent big money or intellectual property.

Q: Is spear phishing social engineering?

A: It is absolutely social engineering – the cybercriminal poses as a trusted person and uses trickery to get the victim to click a malicious link or email.

Q: Where do cybercriminals find their targets?

A: The most common source is through the hacking of financial institutions. It’s easier to hack a company holding the information of millions of customers than any other way to identify worthwhile victims.

Is your network - and email - secure?

As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.

The best defense is the best Cybersecurity to protect your data from theft.
Just fill out the form on this page or call us at:
818-805-0909