Need Reliable Computer Support & IT Services? (703) 493-1796
Need Reliable Computer Support & IT Services? Call NOVA Computer Solutions at (703) 493-1796
What Employees Need To Know About Phishing Attacks
Phishing is just one of many tools in a hacker’s repertoire and happens to be one of their most effective. Through phishing, hackers dangle their bait in front of preoccupied employees who would never dream that their PC could provide an open door for a hacker. That’s why it is so important that employees understand […]
What Employees Need To Know About Phishing Attacks
BYDaniel De Steno|August 7, 2018|Business IT Articles, News, and Tips
Phishing is just one of many tools in a hacker’s repertoire and happens to be one of their most effective. Through phishing, hackers dangle their bait in front of preoccupied employees who would never dream that their PC could provide an open door for a hacker. That’s why it is so important that employees understand how phishing works, how costly it can be, and what they can do to avoid letting themselves become an unwitting accomplice to a hacker’s attack on their company.
The Nature of Phishing
Phishing involves a malicious entity that sends out emails that look like they are from reputable, well-known companies (maybe even the employee’s own employer) – but these emails are not what they seem.
Sometimes the purpose of a phishing email is to trick the recipient into revealing information such as logins, passwords, or personal information. Other times, phishing emails are used to install malware on the recipient’s computer. Once the hacker behind the phishing attack has succeeded in infiltrating the target system via login information or malware, the damage they cause quickly escalates.
Phishing Can Be Very Costly
So how expensive can phishing be? Well, consider what happened to a bank in Virginia that fell victim to two phishing attacks in just eight months. Their disaster began when an employee received and opened a phishing email which succeeded in installing malware on company computers. The malware was able to use the victim’s computer to access the STAR Network, a site used to handle debit card transactions. Through the STAR Network, the hackers behind the malware were able to steal $569,000 in that one incident alone.
But that wasn’t the end of the matter. Eight months later, even after hiring a cybersecurity forensics firm and following their advice to better secure their system, the same bank was victimized again through another phishing email. This time, the hackers again gained access to the STAR Network, but then used the bank’s Navigator system. Through those systems combined, the hackers were able to credit money to various bank accounts and then withdraw the money using hundreds of different ATMs. Losses from this incident amounted to almost $2 million.
To make matters even worse, the bank’s cyber insurance provider denied coverage and the bank is now forced to pursue a lawsuit to recover their losses.
The Very Real Dangers Of Phishing Attacks
Phishing wouldn’t be so effective if it wasn’t so easy for busy employees to fall victim to seemingly legitimate emails or innocent-looking attachments. The malware that was used to initiate the first attack on the bank discussed in this article was embedded in a Microsoft Word document. Most of us have worked with thousands of Word documents during our careers and have never been victimized by one – but it only takes one time to cost a business millions of dollars.
In this case, once that document was opened, the malware was installed and the group behind it had access to what they needed. The bank in question hired Verizon to investigate both incidents. It was finally determined that the same group of Russian hackers were likely responsible for both attacks.
Common Sense Required
Even the most powerful of cyber security systems is still susceptible to attacks that take the form of phishing or social engineering. As long as people continue to subscribe to the view that firewalls, anti-virus, and anti-malware systems provide all the protection against cyberattacks that a company needs, then successful phishing attacks will continue. Education is one of the forgotten keys to foiling phishing attacks.
Employees need to be taught how to recognize a suspicious email and be given real-world examples of how convincing phishing emails can appear. They need to be encouraged to view both emails and attachments with a critical eye. Employees must also understand that, under no circumstances, is there a legitimate reason for someone to ask for their password.
Another aspect of this type of education is making sure that people realize that the targets of phishing are not C-suite executives or IT technicians, but employees from all levels. Through a connection to the company’s network, any employee’s computer could serve as a launching pad for an industrious hacker’s plan of attack.
Conclusion
Phishing attacks are a reality that must be addressed if a company wants to avoid becoming a victim. These attacks often result in very expensive losses that may not be covered by insurance. While the importance of a rigorous cyber security system is never to be overestimated, neither is the importance of employee education. Too many employees have unwittingly become accomplices in costly cyberattacks because they didn’t recognize a phishing email and never thought they could be the target of one. The first line of defense against phishing isn’t a network firewall, but a trained employee who knows how to recognize a suspicious email or a questionable attachment.
Schedule you free consultation by filling out the form below.
NOVA-MAINTAIN Program Terms and Conditions
This Agreement was entered between NOVA Computer Solutions L.L.C. referred to as “NOVA” and the above referenced client also referred to as “Client”. The parties agree to abide by the terms and conditions as set forth in this agreement.
Period of the Agreement: This Agreement is effective as of the contract effective date and remains in effect for 36 months. The contract is renewed automatically after the initial 36 months on a 12 month basis. Upon termination there shall be no refund or credits allowed.
System Maintenance Services: Professional services include, but are not limited to time spent – either at Client or NOVA’s site. (a) Exclusions: Unless so specified, the Covered System does not include any cabling, or any wiring external to the Covered System, telecommunications devices (including modems), peripheral equipment, software. In no event shall the Covered System include removable magnetic or optical media, ink ribbons, toner cartridges, paper or other supplies, expendables or services.
System Maintenance Services: NOVA shall perform Virtual Maintenance Services at least once per month. If client experiences a Major Alarms the client will notify NOVA by telephone. Client shall cooperate with NOVA’s reasonable requests for assistance to determine the cause of the reported problem and whether an on-site Maintenance Service visit is required. NOVA may assist Client with additional services outside the scope of the Maintenance Services. This assistance will be billed at NOVA’s prevailing hourly rate.
Fees: The monthly Fee shall be invoiced in full at the beginning of every month. Any other amounts due hereunder, including the applicable Surcharge Rate or any reimbursable out-of-pocket costs, shall be invoiced monthly as well. The rate for additional time needed per month for System Maintenance Services will depend on the package you select. No Travel Cost Within in 25 Miles of Primary Support Office, Discounted Rate for over 25 miles.
Certain Client Responsibilities: Client shall ensure that: (I) all software and hardware is installed and operated according to applicable manufacturer specifications; (ii) all upgrades and releases have been properly installed; (iii) a uninterrupted and suitable power supply and other environmental conditions have been implemented and maintained; (iv) suitable surge protection devices have been implemented; (v) no other equipment or software having an adverse impact on the system have been introduced; (vi) no repair attempts or other changes have been made other than by or with the express approval of NOVA or the applicable manufacturer, (vii) the systems haven’t been mishandled, neglected, abused, damaged by fire, lightning or water, or otherwise subjected to unusual electrical or physical stress (viii) Client periodically makes and stores in a safe place archival copies of all software and all valuable data. (a) Failure to Comply. NOVA may refuse to provide Service or may treat any such work as Other Billable Maintenance Service at NOVA’s prevailing hourly rate.
Cancellation Policy: NOVA or Customer may cancel this contract for any reason with 90 days written notification.
Limited Warranty: Client must notify NOVA of any dissatisfaction, problems, or concerns within 3 days of the date the services were provided. Client will grant NOVA a reasonable amount of time to resolve problem to Client’s satisfaction. NOVA represents and warrants that it will use its best efforts to perform Maintenance Services in a competent and workmanlike manner.
Limitation of Liability: NOVA shall have no liability or responsibility to Client or any other person or entity with respect to any liability, loss, or damage caused directly or indirectly by a manufacturer or third party equipment or programs sold or provided by a manufacturer or third party. This includes, but not limited to, any interruption of service, loss of business or anticipatory profits, or consequential damages resulting from the use or operation of the equipment. NOVA shall not be liable for any loss of data at any time, under any circumstances. Client is responsible for backing up all its data before NOVA performs any service.
Late Charges, Collections and Attorneys’ Fees: Client will be charged $40.00 for each returned check. Client will be responsible for all attorney fees and costs incurred and collection fees. Any late payment shall be subject to any costs of collection, reasonable legal fees and shall bear interest at the rate of eighteen (18) percent per month or fraction thereof until paid. Client shall pay amounts invoiced under the terms of this Agreement within seven (7) days after receipt of invoice. In any dispute, action, arbitration, bankruptcy, probate, or administrative or judicial proceedings, or any settlement thereof, NOVA shall be entitled to recover attorney’s fees and costs.
Fee Increases: This contract has an automatic 5% increase yearly and NOVA reserves the right to revise fees at any time. NOVA will provide the Client of the updated fee’s, other than the automatic yearly increase, fifteen (15) days prior to the next month’s invoice.
I / We have read and understand the Terms and Conditions above and agree to be bound by them by digitally accepting the attached quote for services.
Free Dark Web Scan to Reveal Your Leaked Passwords