Is your e-mail domain secure?
In recent months we have seen an increase in phishing and spoofing emails. It’s possible that you may have seen them in your inbox! These are some scenarios you may have come across:
- Spoofing: If you’ve seen any messages in your inbox from what seems to be a colleague but is from a different email address, you may be target in a spoofing scheme. Maybe you received an email from your boss asking for money or someone else’s contact information, but the email address that is sent from is only a letter or two different from your actual domain. For example, if I received an email from firstname.lastname@example.org, I might be in trouble!
- Phishing: If you’ve seen any messages looking for you to log in to a website, or possibly asking you to re-enter a password, this could possibly be a phishing attempt. Most websites and services will not ask you to ever re-verify a password. Double check any messages that ask for financial, personal and/or confidential information. A recent example is an email from email@example.com that is floating around saying that your account will be de-activated unless you log in again with your credentials. This email is not legitimate.
- Compromised account: If you’ve seen an email from a colleague that seems suspicious but you have verified is from the correct address, it’s possible the account was compromised. This is arguably the most dangerous position to be in as an account within your organization is in the hands of third party with malicious intent (in most cases.) A compromised account has access to all of that user’s contacts, past emails and may set inbox rules to obfuscate the fact the account has been compromised.
The good news is that there are ways to mitigate the three above scenarios and we are here to help. Some tools you can use are:
- Multi-factor Authentication
- Anti-Spoofing policies as a part of domain administration
- Team trainings on spoofing and phishing examples
- DNS-level changes
- Cisco Umbrella
Feel free to reach out to firstname.lastname@example.org and we can schedule a meeting or phone call to discuss how to best protect your organization. We are here to help!