In 2019, email remains a real vulnerability within IT systems, and with criminals using ever more sophisticated approaches, more than ever it’s worth highlighting that a cautious approach to its use is the best defence.
Hackers often gain entry to IT systems, as a result of the actions of a user on the network. Typically, this involves a user clicking on a seemingly innocent link, sent within an email.
This action can often give the hacker the opportunity they have been waiting for, and a typical ploy is to then encrypt the company’s data and then demand a ransom, which even if paid doesn’t give any guarantee to the company that the hackers will actually unencrypt the files (and so payment of ransoms is never advisable).
The key piece of advice is to think before you click on any link contained within an email. Before you do, care should always be taken to check the senders email address, as this can often be a good way of detecting a fake email.
To consider also is if the email is requesting something slightly out of the ordinary. Another ploy of hackers is to initiate the transfer of money. A spear phishing attack often can involve the hacker researching a potential victim, so if an email looks to be internal, and relates to the transfer of financial sums, a call to the person issuing the email is often a wise move. Hackers might also construct and email trail to make the email look even more convincing.
Finally, if the email urges urgency to click a link or transfer money, this again should ensure you take more time to assess the email, as building a sense of urgency is a key tool of the internet fraudster.