Phishing Email Subject Lines You Should Know

phishing credit card data with keyboard and hook symbol 3d illustration Phishing Email Subject Lines

Even the best employees will encounter situations where they might accidentally put your organization at risk due to a phishing attack. What are some telltale signs of a phishing scam, and how can you tell when you need to be cautious? Certain phishing email subject lines can be indicative of their threat level. Let’s take a look.

Expel published a report on the most common subject lines of phishing emails. The consensus was that they all urged the reader to take action of some sort. For employees who are impulsive and don’t think twice about their activities, this can be devastating. Also, that’s not to mention the businesses who employ them.

The study examined 10,000 known malicious emails and found keywords used in phishing emails. Many of them used a sense of urgency to convince the reader that action was necessary. This tactic is nothing new for phishing scams. Especially considering this language is also used in marketing emails. Therefore, it’s no wonder that the lines get so blurry with this topic.

Ben Brigida, Director and SOC of Operations at Expel, had this to say regarding the matter: “Attackers are trying to trick people into giving them their credentials. The best way to do this is to make the email look legitimate, prompt one clear action, and lace it with emotion – urgency or fear of loss is the most common. The actions are as simple as ‘go to this site’ or ‘open this file,’ but the attacker wants you to be moving too fast to stop and question if it’s legitimate.”

In other words, simple and more direct subjects for phishing emails make for an easier hacking experience. This is reflected in the keywords utilized. You’ll notice that these subject lines also mimic those used by legitimate businesses. Here are three of the most common:

  • RE: INVOICE
  • Missing Inv ####; From [Legitimate Business Name]
  • INV####

Imagine receiving an invoice from a company with the threat of shutting down an important service that your business relies on. You might have so much going on in your business that you don’t even think twice and assume that you haven’t made the payment. Naturally, this is what the hacker is counting on. Take a step back and consult the appropriate resources before making a payment or clicking on a link. Sure, it could be legitimate—many invoicing companies and automated software use similar language—but it could also be a scam.

Other common phishing subject lines include words like “required,” “verification required,” or stem from file sharing, action requirements, or service requests. The tags that often get assigned to emails, like New or Update, don’t exactly help matters.

What are your thoughts on these phishing email subject lines? Would you or your employees click on them accidentally? Don’t take any chances with your network security—get in touch with 4 Corner IT today.

Secure Email Solutions for Your Business

secure email solutions

We certainly live and work in challenging times these days. With an acceleration in hacking attempts, data thieves, etc. since the beginning of the pandemic, it’s more important than ever for companies to ensure they are doing everything they can to protect themselves from potential security issues. Of course, one of the ways that users are communicating with each other and their clients even more, is by way of email. Whereas before an employee may simply have walked over to a co-worker’s desk for a work-related conversation, now many employees are working remotely, thus increasing the likelihood they may be exposed to a security threat. If they haven’t already done so, now is the time for companies to review the options for secure email solutions.  

Layered Solutions  

As the title of the article implies, it’s not enough anymore to have one security solution. Companies must think in terms of multiple security solutions, and that means layering their security coverage. In terms of email security, it’s not enough anymore to rely only on the security tools provided by the email giants such as Google or Microsoft. While these companies do offer basic types of coverage that provide some protection, smart organizations are wise to consider adding another layer of protection for their email correspondence, by way of a third party vendor that specializes in cloud-based email security.

What to Look For

When looking for third party security packages, a good solution will encompass several key components in order to address several email-specific security vulnerabilities.

Ransomware Attacks

Ransomware is a type of malware that takes over and encrypts a victim’s device or information, and it is becoming an increasingly popular type of email attack. A good email security solution will outline how it stops these types of attacks before the hacker can follow through.

Internal Threat

With more and more employees working from home, it does become more of a challenge for companies to track their employees and their actions. Whether by accident or a deliberate attempt by a malicious employee to expose sensitive corporate data, a third party email solution can block outbound email-based connections before they occur.

Spear Phishing

Hackers often use tactics such as spear phishing in an attempt to confuse an employee into clicking on a malicious link. Many hackers will take a substantial amount of time to study a company. They then attempt to impersonate someone either high up in the company they want to exploit, or someone from another other business or vendor with which they work closely. Employees not used to working remotely may feel someone isolated and alone, and just enough out of their routine to click on a link that seems legitimately sent by someone in management, when it’s not.

A good third party email solution will employ custom security controls based on correspondence patterns, location and normal activity, thus preventing employees from trying to follow through on an unusual request.

Benefits 

Third party software security applications can save both regular employees and IT team members from having to manually fend off spam, malicious attachments, dangerous file types and suspicious impersonation attacks. In addition to reducing the amount of time that employees spend on these types of threats, they also have other benefits. Cloud-based email security solution packages can provide email backup and recovery, in addition to streamlining the management, availability, and retrieval of emails through cloud-based archiving. Some companies also find great benefit in the ability of a security package to handle e-discovery and compliance issues by offering specialized tools to meet their regulatory requirements.

We’re Here to Help

If you need assistance in reviewing the current level of email security protection in your organization, we can help.

Contact us today for more information on how security layering can provide the protection and peace of mind your company is looking for. 

New York Cyber Security Study is Scary

the federal reserve bank of new york cyber security study is scary

If there is one industry where both organizations and consumers alike would want the most stringent levels of cyber security, it is likely the financial services industry. The fallout of even one successful hacking event attempted on a bank, a credit card company, a credit reporting agency, has far reaching consequences for both consumers and the smaller companies that interact with these financial entities.

According to the Federal Reserve Bank of New York’s recent report, “Cyber Risk and the U.S. Financial System: A Pre-Mortem Analysis“, firms associated with financial services are 300 times more likely to encounter a cyber attack within any given year, than other firms in other industries. This should be a wake-up call to all of the smaller organizations who depend upon the integrity of the data they receive from these larger financial institutions. While smaller firms have no control over the larger financial entities they interact with, there are steps they can take on their end to stop a cyber disaster in its tracks before it reaches their internal systems.

Maintain System Updates

Hackers are continually on the lookout for outdated systems, browsers, and other types of software that make it so much easier for them to penetrate a computer system. Every organization, whether related to financial services or not, should have a comprehensive plan that includes keeping track of all their various types of software and applying any software updates in order to stay abreast of the latest versions, patches, etc.

Regular Vulnerability Testing 

It’s not enough to hire a technology firm to do a one-time-only penetration and vulnerability test to look for weak areas in an internal computer system. Software changes continually and vulnerabilities can occur in areas that were previously deemed safe. Financial service organizations need to conduct regular vulnerability scans and penetration testing to ensure previously safe systems are still secure.

Harden Emails 

Hackers love to target email servers because it allows them an opportunity to gain access to internal email accounts and pose as employees in the organization. Malicious hackers can then ask for confidential information from another employee, who doesn’t realize they are interacting with a cyber attacker. Hackers can also send out emails to an organization’s clients and infect their networks with malicious code. A financial services company that does not harden their email activity, runs the risk of exposing confidential or sensitive data to bad actors and/or receiving a poor reputation within the financial services community for passing on a cyber security attack nightmare to their clients.

How to Stay Safe

It is possible for even smaller financial organizations to secure their computer systems to prevent the chaos that occurs from a cyber attack. While smaller firms may not have the resources to hire a full-time IT professional, there are IT management companies that offer security services to their clients. By hiring an external company to provide cyber security, even smaller firms can have access to professional management of their data without adding the burden of investing in a full-fledged IT department.  

Small firms who hire these types of IT companies should expect them to create a comprehensive plan detailing how the IT firm plans to secure the client’s data. An external IT firm can analyze their client’s computer resources and make suggestions on how to protect critical, sensitive data from becoming vulnerable to attack both from within the company and from without. At the very least, the three key points of maintaining system updates, regular penetration testing, and securing email traffic should be part of the IT company’s security plan. 

If you need help securing your financial service-related or any other type of organization, we can help!

Please contact us today for more information.

Keeping Your Inbox Clear

keeping your inbox clear
Keeping Your Inbox Clear

Greek mythology tells of Sisyphus, a Corinthian king who was punished in Hades by being forced to continually roll a giant boulder up a hill. As soon as he would reach the top, the boulder would roll right back down, and his task would start over.

If keeping your e-mail inbox clear feels like a Sisyphean task, you’ve come to the right place.

We’ve put together some tips to help you cope with the challenge and manage your inbox like a pro.

Intentionality

Just like checking your actual physical mailbox, checking your e-mail inbox should be an intentional act that’s accomplished at set times. Barring the rare case of emergency, you should not allow the ding of your e-mail alert to rule your day.

Though the frequency of how often you check and respond to messages will depend on your situation, one thing you should not do is just keep your inbox open on a rolling basis. Instead, intentionally set aside times to read and respond to e-mails.

Prioritization

As you deal with your e-mails, prioritize organization over responses. Allow us to explain why. If your goal is to respond to each e-mail as it comes in, you will quickly feel overwhelmed with the task and due to the enormity of the task, you may lose important messages in the shuffle.

Instead of responding to each e-mail one by one, quickly toggle through all your current messages, organizing them into folders as you go. Only e-mails that require an immediate response should be left in the inbox, to be cleared as soon as you’ve responded. If e-mails do not require an immediate response (that is, if they’re informational or require thought or research on your part first), they should be sent to a different folder. In this way, only your immediate tasks at hand will be left for you to deal with.

Consistency

This program only works, of course, if you make it work. If you set up your times and your folders but then fall quickly back into bad habits, you’ll see no results. Consistency, however, makes a huge difference. Plan your work and work your plan — always.

We Can Help

For more information on best practices for keeping up with e-mail, or if you would like to hear more about our premium services, please feel free to contact us at any time. 

We look forward to serving you. 

A Quick Guide To Inserting A Logo In Outlook Signature

a quick guide to inserting a logo in outlook signature

how to insert logo in outlook signature Have you been wondering how to insert logo in your outlook signature? The process is pretty simple even if you are not very familiar with Outlook. According to this article, creating and selecting a signature is not that difficult in Outlook. However creating the signature you want with for example a company logo in it can be quite of a hassle.

First, make sure you have a picture copy of the logo saved separately. It should be in a location that should be easy to find, like in the My Documents folder or the Desktop. But whatever works for you is fine.

Second, open Outlook. Click on File, then on Options on the left-hand side.

A new dialog box will open. Click on Mail, then on the Signatures (button along the right side).

This will open the Signatures and Stationary box. Inside, you will be able to see your different signatures and settings.

If you do not have a signature yet, to create one, click on New, and name your new signature. Once you click OK, you will be able to create the signature to your liking inside the open box in the bottom of the Signatures and Stationary box.

Third, once you’ve created a signature, add the logo. Simply select where you’d like to add it, and click on the add picture, or image icon. If you have the latest version of Outlook, it’s the second to last icon above where you’re creating your signature.

Once you click on it, it will allow you to pick your logo image.

Click Save, and you’re done. Your signature has a logo.

To add a logo to an existing signature, simply highlight name of the signature by clicking on it, and select where you would like to place the logo. Then follow the same steps to add the logo by clicking on the image icon. Don’t forget to save.

And you’re done! Outlook has many incredible features to help you conduct business, and allowing you to add logos to your signatures is only one of them.

To learn more about how Microsoft Outlook can streamline your business, contact 4 Corner IT.