Employ Email and Web Protection Tools

Email remains a major attack medium and a way to gain a foothold within the systems of an organization.

Published
September 01, 2021

Malicious e-mails may come in the form of e-mails with malicious attachments, e-mails containing links to malware distribution sites, phishing e-mails, or scam e-mails tricking SMEs into revealing their sensitive data or sending money.

Phishing emails can be very sophisticated, leveraging social engineering practices such as creating a sense of urgency, and often mimicking the phrasing, branding and logos of a well-known institution (such as a bank or a business partner) or just a colleague. Phishing or fraudulent emails target employees within an SME to trick them into giving away sensitive personal or enterprise information, such as passwords or credit card numbers. One popular form of malicious email targeting SMEs is the invoice redirect scam, where cybercriminals create a fake email that looks like it comes from a known supplier, requesting that the supplier's account payment details be changed to an account controlled by the criminals.

The fact that SME staff may have low awareness of this type of malicious behavior makes them ideal candidates for criminals to exploit. In tandem with cyber awareness training, SMEs should implement rules that do not allow a change of payment details or a transfer of funds based on an email alone. Such an important step should also be confirmed using a different communication channel (in person, by phone, using live videoconference etc.) to prevent cyber criminals from taking advantage.

The overwhelming amount of news coverage surrounding the novel coronavirus has also created a new danger: phishing scams looking to exploit public fears about the sometimes-deadly virus. These fraudulent emails claim to be sent from the World Health Organization, the US Centre for Disease Control, or a renowned specialist offering information or help regarding COVID-19. You can find ENISA’s more detailed advice on how to protect against phishing attacks in an article on phishing during the COVID-19 pandemic.

Employees at SMEs should also know basic web browsing security practices, such as how to spot fraudulent pages and to steer clear of installing suspicious browser plug-ins.

To be better prepared against these types of attacks, organizations need to combine solutions that filter out spam emails, emails containing a link to a malicious website, emails containing a malicious attachment (i.e. containing a malware payload), and phishing attempts with relevant and practical training of the organization’s staff.
