By: Cybermax Admin (RM)
When hacker encrypts company data, company has no choice but to pay him using what people call bitcoin, a digital currency which transactions can be performed without a bank. Once we paid, hacker will release our data, but there is no guarantee that he will restore the data. Even worse, the hackers boldly hack the email of company financial department by saying that they changed their bank account, so company should transfer the payment to their new account. Unfortunately, for the one from financial department who believes and does not check the validity of that email, willingly transfer the payment to that counterfeit account and company eventually lose money for nothing.
Based on that story, some questions might pop up to our mind: Is it even possible? Yes, it is.
One common practice that the hackers usually do is sending us an email using a provocative subject or a link from “important” sender. What we usually do is clicking on that link because we think that might be interesting or even important. However, after clicking on that link, we type on our email address and password, that is how the hackers get our information so they can use it for their benefit, which leads to our loss. One thing you should know that phishing email does not contain a malware, it is a “valid” email which goes through our mail system. The one who can decide what happen next is us, the receiver.
Who to blame? …
Rather than looking for someone to blame, it is way better to learn how to avoid and mitigate the risk of this phishing email. What we can do:
- Carefully read the header of the email, if it is coming from reliable resource or not, if it looks suspicious then do not open it.
- If there is a link on the email body, examine that link first whether it is valid domain or not, of you are not sure, report to your administrator.
- If you forget two previous steps, and the link ask for authentication, please make sure you do not give the credential information before you can validate the link.
There is another method that can help you with this phishing email issue, it is by using Multi Factor Authentication.
If you interested in knowing more about this method, feel free to contact us 😊