Email Spoofing! – Email Best Practices
“It looks like you have you been hacked!” What a Monday morning wake-up call! From 0-60 in less than 1 second! First, let me re-assure you that our systems and private servers were not hacked, but we did find that one of our staff responded to an inquiry from a government agency that started this email spoof. Here is what we learned after several hours with our private IT team as well as Google Security…
How to Avoid Spoofing
3. Key Indicator – Link Address & Domain Name
If you hover over the attachment here, you will see that the link address (bottom left hand corner of your screen)is…https://drive.google.com/a/eecpa.com/file/d/0B96XG2O1QihJQ2Z5SktzY2tvY2s/view?usp=sharing_eid&ts=575d59c5
Notice that it is coming from eecpa.com NOT some strange IP address.
Now, if you were to look back at the original message from Wyoming Department of Revenue and hover over the “Click Here to View”, you will see in the bottom left hand corner of the screen that this is actually coming from….http://lanixeng.com/bami/pagedoc/dbacfd4c3be243d26bf35df6ee2d26fb/
If the email were actually from the Wyoming Dept of Revenue, then you would expect to see wyo.gov in the link address, but you do not. This is the key!
B. Follow Best Practices
Now, say that you fail to identify the email as a “Phishing Scheme” and you click the link anyway….
If you use Google Apps, OneDrive (Microsoft), Box, DropBox, etc, you will login to your own account and you will see the document that we shared with you under “Shared with Me”.
Security is key in today’s business environment. Be aware and trust your gut if something just doesn’t seem right. A quick text or call to verify could potentially save hours of your time. We spend quite a bit of time at eeCPA on resolving security issues for our clients. Credit card fraud, identity theft, occupational fraud and cybercrime are on the rise. Here are some very real (and disheartening) statistics….
In 2014, Payment Card Fraud = $7.86 Billion in US and $16.31 Billion Worldwide
Source: The Nilson Report
There were 17.6 Million US Residents that experienced Identity Theft in 2014
Source: US Department of Justice
Median Loss from a single case of occupational fraud was $150,000
Source: Association of Certified Fraud Examiners
In 2015, there were 288,012 cybercrime complaints received, with losses reported of $1.07 Billion
Be aware and contact us if you need any advice!