We all receive phishing email every day. Miriam Webster defines phishing as;
a scam by which an Internet user is duped (as by a deceptive e-mail message) into revealing personal or confidential information which the scammer can use illicitly. Thankfully many are detected and blocked or wind up in our Junk folder. Unfortunately, many of them make it through to the inbox. The scary part is that some of you readers are already hacked and you don’t realize it yet. It is possible that you, or one of your team has been already been fooled. They received an email that asked them to click and login. The criminals actually get you to type in your credentials for them. This means that someone may right now have access to your email and is automatically monitoring if for certain keywords such as ACH or Credit Card, or Password. When the keyword is detected, then the hacker is alerted and steps in to impersonate you in search of a financial reward. We recommend adding another layer of security called MFA which stands for multi-factor authentication. You may also hear it referred to as 2-step verification or 2FA. Regardless of what your provider calls it, you should enable it. Once enabled, your account will periodically ask you to enter a code which is delivered to you via text, email, or even phone call. This code expires in minutes which prevents hackers from using it. This small inconvenience can save you from a lot of trouble and expense. Consider adding MFA to all of your accounts that support it like Gmail, 365, and Amazon to name a few. It’s a great idea to add this to your security policy and to make email phishing threats part of your ongoing team training!