Many technology professionals have reported on a phishing scam that has duped millions of Facebook users for months. According to the article published on threatpost.com, the phishing campaign is still active and convinces users to hand over their account credentials in a fake Facebook login page. Care to read the full article? Do so at this link Facebook Messenger Scam Duped Millions. Remember to remain vigilant and exercise caution when clicking on links in emails and such.
Most cyber-attacks are initiated at the human/employee level. Whether from phishing, spear phishing, misuse or stolen company credentials, weak or redundant passwords, most cyber breaches are actually started when an employee makes an error. New employees who haven’t been trained, as well as those who’ve recently terminated are higher risks and employers and HR need to conduct better strategies to defend against potential breaches. One excellent protocol to pass along to staff who sit behind a computer all day is SLAM.
The SLAM acronym can be used as a reminder of what to look for to identify possible phishing emails. The SLAM acronym stands for sender, links, attachments, message.
Sender: when hackers send phishing emails, they often mimic a trusted sender’s email address to trick recipients into opening the email. Therefore it is important to analyze a sender’s email address before opening an unsolicited email. To check an email address for validity, recipients should hover their mouse over the sender name to reveal where the email came from prior to opening it.
Links: phishing emails generally contain links that enable hackers to steal a recipient’s login credentials and infiltrate their network. Just like with the sender’s email address, links contained in an email should be hovered over to check the legitimacy of the link. Is the URL actually directing you to the page it says it will? Are there misspellings in the link address? It is also best practices to, rather than clicking on a link in the email itself, to go to the company website directly.
Attachments: you should never open an email attachment from any sender that you do not know. However, even when you do know the sender, you should not open unsolicited email attachments. Hackers often send malicious email attachments using a compromised email address’ contact list to infiltrate the recipient’s system.
Message: while phishing emails have become more sophisticated over the years, the content of the message itself can often be a dead giveaway. Phishing emails often contain generic greetings, misspellings, grammatical errors, or strange wording. Emails that contain any of these issues should not be trusted.
While you can use the SLAM method to help you identify phishing emails, it is also important to know what to do when you recognize one.
During 2021 New River Computing (NRC) focused on ramping up its internal security systems, evaluated clients’ systems, and developed security packages appropriate for varying clients’ needs.
We offer Fortress One, Fortress Two, and Guardian Fortress, NRC’s most advanced security packages. These security products are our latest multi-layered set of protections and countermeasures designed to defend small and medium sized businesses against cyber criminals from around the world.
New River Computing has also added to its ranks. We are happy to welcome Russell Johnson, Solutions Manager, and Joshua Howard, IT Engineer. Russell is busy offering cybersecurity and other managed IT solutions to new businesses, while Joshua is the newest member of the NRC Technical Team. Welcome aboard!
April – Karen Loferski
May – Scott Daley, Wes Wilson, April Richardson
June - Joshua Howard
July - Mark Phillips
May - Hansen Ball (16), Celeste (5)
June - Wes Wilson (4)
July - Mark Phillips (11), Scott Daley (11), Alex Zammit (7)