In this line of business there’s always something new: a new product, a new service, a new technology. One of the few things that hasn’t changed, however, is spam email.
There was a bit of a golden age of email that ended about two years ago. It came after the terrible period when email was so riddled with spam and malicious links that the only effective way to combat it was to simply block or ignore all email from anyone you’d never previously received email from, effectively creating your own personal list of allowed senders.
Then our email providers got smarter and spam filters got better. Spam for the most part became much less of a hassle, as our email providers were quietly delivering the emails they knew we didn’t want to our Junk or Spam folders.
Then came Phishing.
Truthfully, the war between those trying to protect our digital lives and those trying to exploit them never ended. It’s a perennial cat-and-mouse game, a see-saw which will inevitably move the balance of power back and forth over time. We are currently in a time where that power has unarguably shifted out of our favor.
Phishing emails, or worse yet, spear-phishing emails, are those that specifically target you or users like you and attempt to trick you into divulging sensitive information or to directly extract money for the benefit of the bad actor. They’re more prevalent today than ever and there’s no easy way to prevent them. There are, however, some things you can and absolutely should do to protect yourself (and others) from these emails.
1. Enable Multi-Factor Authentication
Whatever service you use for email, it should give you the option to enable multi-factor (sometimes referred to as two-step) authentication. The most popular providers do (Gmail, Outlook.com, Yahoo, AOL). If your provider doesn’t, you should very seriously consider changing providers.
Multi-Factor Authentication, or MFA, is a security feature that asks for not only a password to access your account but also some other piece of information that only you should have. Typically this is a code sent to you during the login process.
For reasons beyond the scope of this blog post, you should avoid using the SMS option and always choose an authentication app if given the option.
2. Pay Attention
Spam and phishing emails continue to be sent because they continue to be effective. People click on them and type in their passwords. The best thing you can do is be suspicious. Don’t trust the name displayed in the “from” field; check the email address itself. If the email is asking you to take some action, verify it with the requester first with a quick phone call. If the email is asking you to update a password, don’t click the link in the email; go to the website yourself in another tab. A good rule is to not click on links inside emails and to not download attachments that come from people you don’t know and that you are not expecting.
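The “check the address, not the name” habit can also be automated. The following is an added example, not part of the original post: it parses a From header and flags a display name that shows a different address than the real sender, or that claims a brand whose mail does not come from that domain. The brand list, domains and sample headers are hypothetical and constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: brands you expect mail from, mapped to the domains they really
# send from. Names and domains here are hypothetical placeholders.
KNOWN_BRANDS = {"example bank": {"examplebank.example"}}

# Loose pattern for spotting an email address written inside a display name.
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def domain_matches(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from(header):
    """Return a list of warning codes for one From: header value."""
    name, addr = parseaddr(header)
    addr = addr.lower()
    if "@" not in addr:
        return ["no-address"]
    domain = addr.rpartition("@")[2]
    findings = []
    # The display name shows an address that is not the real sender.
    shown = [a.lower() for a in ADDR_IN_TEXT.findall(name)]
    if any(a != addr for a in shown):
        findings.append("name-shows-other-address")
    # The display name claims a brand that does not send from this domain.
    for brand, allowed in KNOWN_BRANDS.items():
        if brand in name.lower() and not domain_matches(domain, allowed):
            findings.append("brand-mismatch")
    return findings


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Alice Example <alice@example.com>",
    '"Example Bank" <alerts@mail.examplebank.example>',
    '"Example Bank Support" <billing@examplebank-secure.example.net>',
    '"ceo@example.com" <ceo.example@freemail.example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header) or "ok")
```

A clean result only means the name and address agree; it does not prove the sender is who they say they are.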
3. Use an Email Security Service
We’re back to the days when the email service you’re using typically isn’t going to be sophisticated enough to protect you from spam and phishing emails. There are companies that have the ability to detect spam and phishing emails, warn you of the potential danger and in some cases remove the email even before it hits your inbox.
Another feature some of these services often include is training for users. They can send fake spam and phishing emails so that users learn to be more discerning, and provide training for users who fall prey. They also can provide reports so you know which users may need additional mandatory email security training.
These services are only available for businesses and typically incur an additional charge per user per month, but they are well worth it for the time and frustration they save.
Worried about email security at your company or organization? Give us a call and let’s work on a solution together.