My Email was Compromised, Now What?
Is there any company that doesn’t use email out there? Probably not, right? This is because email is a standard in pretty much every organization across the globe. Email is typically the primary way that businesses communicate with employees and customers in real-time. If you use your email for other things such as subscriptions to news or for apps that require an email address to get set up, you probably also get flooded with several marketing emails from those companies.
Because we do this, it is really easy to get hundreds of emails a day. Some may be things that you are interested in, and others may be ones that you automatically trash without even opening them. You may even open the message to find an unsubscribe button or mark it as spam.
Now, if this is your work email, you more than likely read all your emails since you do not want to miss an important communication with a potential client or even your boss. Hackers are fully aware of this and find tricks to get you to open emails and click on things that can potentially harm the business. This type of cyber crime is called phishing. Hackers are no longer sending emails from “royalty” in other countries asking you to send money that they will pay back with interest. Hackers are now disguising themselves as customers or even your boss! If an email is from someone and that person claims they never sent you that email, there is a possibility that the real email address was “spoofed.” This clever trick is used because hackers still depend on the human error factor to penetrate a company’s infrastructure.
Scary, huh? Well, there is no need to panic. There are a few tips and tricks that you can use to help mitigate or altogether prevent damage or business interruption caused by phishing or spoofing.
How can your business prevent attacks like phishing or spoofing?
First, training your employees and teams on how to recognize phishing attempts will only work if the fake emails look different from trusted emails. Some things to first recognize are:
- Was the email unexpected?
- Was it sent from someone else on behalf of someone of authority that you know?
- Does the message state that there is urgency?
- Is there an attachment that probably wasn’t needed or is suspicious for even being there?
- Is the email address a bit different than normal?
These are things that should raise suspicion when received. That last point is quite common since most individuals do not thoroughly inspect the email address. Hackers usually use a misspelled domain that looks legit at a glance. An example would be from "email@example.com" versus "firstname.lastname@example.org." You can see that at a quick glance these two email addresses look the same, but a closer look will show the first is missing a letter.
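The misspelled-domain check described above can also be done by a script instead of by eye. The following is an added example, not part of the original article: it compares the sender's domain against a list of trusted domains and flags near misses. The trusted list, the distance threshold of 2 and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains this organization really corresponds with (placeholders).
TRUSTED_DOMAINS = {"example.com", "example.org"}

def edit_distance(a, b):
    """Levenshtein distance: each insert, delete or substitution costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # add cb
                           prev[j - 1] + (ca != cb)))  # swap ca for cb
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, sender_domain, closest_trusted_domain_or_None)."""
    _, address = parseaddr(from_header)   # strips the display name
    domain = address.rpartition("@")[2].lower().rstrip(".") if "@" in address else ""
    if not domain:
        return ("unparseable", "", None)
    if domain in trusted:
        return ("trusted", domain, domain)
    closest = min(sorted(trusted), key=lambda good: edit_distance(domain, good))
    if edit_distance(domain, closest) <= max_distance:
        return ("lookalike", domain, closest)   # near miss: treat as suspicious
    return ("unknown", domain, None)

# Constructed sample From headers, not taken from real mail.
SAMPLES = [
    "Your Boss <boss@example.com>",
    "Your Boss <boss@exmple.com>",       # one letter missing
    "Your Boss <boss@examp1e.org>",      # digit 1 in place of the letter l
    "Deals <news@shop.invalid>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is the case worth escalating: the domain is not trusted but is close enough to a trusted one that a reader skimming the address would likely miss the difference.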
Just like everything else though, you can prep and train all you want, but what if you become a victim of a phishing attempt? What should you do? Are your contacts asking you why you sent them an email that you are sure you did not send? Here are some recommendations on what to do if your email is compromised:
Change your password
- This should be the first thing you do if your email address was compromised. Sometimes hackers can log into your mailbox after figuring out your password and send emails from you!
Report the incident
- Make sure to let your IT department know. Your mailbox may need to be unlocked, especially if you use a mail provider such as Office 365 or Google G Suite and the emails that were sent on your behalf reached the limits that are in place.
- Make sure to let your contacts know what happened. This is never a fun conversation but making them aware will be much appreciated and can even help maintain integrity.
Scan your computer
- Run virus and malware checks on your computers. Others in the office may want to do the same because if a computer was compromised, there is a chance that the virus could affect all the computers and/or devices that are on the same network.
Hackers are becoming more and more sophisticated as the years go by. Just like you have your guard up when you know something doesn’t feel right in your day-to-day activities, you need to have that same awareness online.