A recent study of over 10,000 email servers has found that 82% were misconfigured. Servers that allow malicious emails that appear to come from within an organization or business to pass through leaves them open to various types of attacks.
Known as email spoofing, this type of attack typically starts with an email that appears to be from the IT department asking for an employee to fill out a form to update their login credentials. If that employee hasn’t been trained to spot a phishing attack, filling out the form can lead to CEO fraud or ransomware attacks where the organization’s files are encrypted and hackers demand payment in Bitcoins to get a key to unlock them.
In the first half of 2016 ransomware attacks have doubled, and these sort of phishing attacks are how they typically begin. Like in every other aspect of web security it’s a good idea to use multi-level authentication and be on the lookout for spoofed email addresses.
Employees should also be wary of any allegedly urgent wire transfer requests that come through email. Also, take the extra step to reach out and contact that person or organization to verify their identity. Simulated phishing attacks are a good way to get employees familiar with tactics scammers use in order to recognize attacks when they happen.