
IT Department

Let’s go Phishing!

As warmer weather starts rolling in, I’m sure many of us are getting our fishing gear ready so we can get out there to catch that big one!  Unfortunately, that’s not the type of “phishing” I’m talking about.  Phishing emails are becoming more and more prevalent.  

According to Intuit’s Mailchimp, “Phishing scams are messages intended to steal personal and financial information by pretending to be from trusted sources, like banks, vendors, or even internal departments. These messages often look real enough to trick people into sharing sensitive data or downloading harmful files.” Let’s discuss some things that can be done AFTER you find out your account has been compromised. These steps would likely be handled at the administrative level by your IT department or third-party consultant, but I thought it would be good to share them:

  1. Reset the user’s password
  2. If you have the ability, once you reset the user’s password, sign the user out of all sessions so a perpetrator won’t be able to sign back in using the user’s credentials.
  3. Remove suspicious email forwarding addresses – the perpetrator may have set up a forwarding rule to send incoming emails to another address. 
  4. Disable suspicious Inbox rules – the perpetrator may have enabled inbox rules that move, delete, or forward incoming emails.
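To show what "suspicious" can mean in steps 3 and 4, here is an added example (not from the original post) that reviews an exported set of mailbox settings and inbox rules and lists the ones an administrator should remove or disable. The field names are assumptions modelled on an Exchange Online-style export, and `ORG_DOMAINS`, `HIDING_FOLDERS` and the sample mailbox are constructed for illustration.

```python
# Added example: sample data is constructed; field names are assumptions
# modelled on an Exchange Online-style export of mailbox settings and rules.
ORG_DOMAINS = {"example.com"}  # assumption: your organisation's mail domains
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "junk email", "deleted items", "archive"}

def is_external(address):
    """True when the address's domain is not one of the organisation's."""
    return address.rsplit("@", 1)[-1].strip().lower() not in ORG_DOMAINS

def rule_reasons(rule):
    """Reasons an inbox rule needs review; an empty list means none found."""
    targets = []
    for key in ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo"):
        targets.extend(rule.get(key) or [])
    reasons = []
    external = sorted(t for t in targets if is_external(t))
    if external:
        reasons.append("sends mail outside the organisation: " + ", ".join(external))
    if rule.get("DeleteMessage"):
        reasons.append("deletes incoming mail")
    if (rule.get("MoveToFolder") or "").lower() in HIDING_FOLDERS:
        reasons.append("moves mail to a rarely checked folder")
    return reasons

def triage(mailbox):
    """Findings for mailbox-level forwarding (step 3) and inbox rules (step 4)."""
    findings = []
    fwd = mailbox.get("ForwardingSmtpAddress")
    if fwd and is_external(fwd):
        findings.append({"item": "mailbox forwarding", "enabled": True,
                         "reasons": ["forwards all mail to " + fwd]})
    for rule in mailbox.get("Rules", []):
        reasons = rule_reasons(rule)
        if reasons:
            findings.append({"item": rule["Name"], "reasons": reasons,
                             "enabled": rule.get("Enabled", True)})
    return findings

SAMPLE = {  # constructed mailbox export for a compromised user
    "User": "jdoe@example.com",
    "ForwardingSmtpAddress": "smtp:collector@mail.example.net",
    "Rules": [
        {"Name": ".", "Enabled": True, "ForwardTo": [], "DeleteMessage": True},
        {"Name": "Newsletters", "Enabled": True, "MoveToFolder": "Newsletters"},
        {"Name": "fwd", "Enabled": True, "MoveToFolder": "RSS Feeds",
         "RedirectTo": ["jdoe.backup@example.org"]},
    ],
}

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["item"], "->", "; ".join(f["reasons"]))
```

Rules that come back clean, such as the "Newsletters" rule in the sample, can stay in place; everything listed should be reviewed with the user before it is re-enabled.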

A couple of optional things to also consider:

  • Run a log at the administrative level to get a list of all recipients of the spam email, then send them an email advising of the compromise
  • Block the user account from signing in for a short amount of time to clear out any illegitimate logins
  • If the compromised account has administrative roles, remove those permissions and then restore once the account has been secured.

Phishing is a constant threat, but you’re not helpless against it. Learn how these scams work and teach your employees how to spot them. Use the right tools to keep fake emails out of your inboxes. And make sure everyone in your company knows how to stay safe online. If you stay proactive and alert, your business can stay one step ahead of scammers. Please feel free to reach out to me with any questions at ttooley@bloss-dillard.com.

Tate Tooley


As BDI continues moving forward and the world evolves, Tate is here for IT updates and ideas.
