We all use email; it's one of the most powerful means of communication and collaboration, but it can also be a dangerous place used to compromise companies from a cyber security perspective. Emails can often serve as a 'trojan horse' for attackers to target and compromise your users by “phishing” for their credentials. A method of 'Social Engineering', this is most commonly in the form of an email attachment or web address link.
Stop The Attack Happening
There are many ways to try and minimise the risk of falling prey to an attack.
If you host your email on Microsoft 365, there is an additional protection filter called Advanced Threat Protection (ATP). ATP is a per user bolt-on which, amongst other things, reduces the amount of harmful emails that can reach your inbox.
How Does the Attack Arrive
The emails can appear to come from anyone, falsely attaching genuine looking information such as a supplier invoice. Many also incorporate a fake URL, others will also claim to be your bank for instance with a very similar domain.
These kind of scams can very often be detected simply by checking the domain (web address). If the domain (.co.uk or .com) doesn’t look genuine then the chances are it probably isn’t. Never click an attachment or a link for example from 'This-is-the-real-microsoft.com' or 'This-Is-Your-Bank.co.uk., they won’t always be as obvious or as fake as these, but you get the picture.
When in doubt, always ring the sender if it is a name you recognise just to be safe but don't use the contact details on the email!! It is also possible that the senders address is genuine, but their own account has been compromised and the attacker has then sent the harmful email to everyone in their address book.
If you are not sure if an email is genuine, then do not risk clicking on any links or attachments, especially if it is an unexpected “invoice” or a company informing you that their banking details have changed. Human error is the number one cause of compromised accounts, stolen passwords, ransomware attacks and accidental payments to a fake supplier.
The Solution
ATP applies a multi-layered defence mechanism to all sent and received items. Microsoft analyse billions of emails and millions of accounts every single day to find malicious content, suspicious activity and phishing attempts. By analysing content, links and attachments in a sand boxed environment, this bolt on can filter out as much as 90% of phishing attempts before they can reach your mailbox.
Whilst it won’t filter out every single phishing attempt, it certainly goes a long way in reducing the chance that a member of your team clicks a suspicious link or attachment and it is also a very inexpensive method.
For less than 5p per user per day you can give yourself the piece of mind to know that your business is covered.
To find out more about ATP please do get in touch with the Team at Affinity who will also be able to discuss the other security features you can access to reduce the risk of your organisation being compromised.