Unfortunately, back in November, our clients saw a spike in successful email-based attacks. Although it was noticeable, it wasn’t huge. Equally, it didn’t last. However, it did highlight something scary: how vulnerable people can be to these sorts of attacks. In this blog, find out what happened, why it happened and the consequences.

each scam was slightly different

The scams were slightly different, but they had one initial goal: to trick our clients into entering their Microsoft 365 email address and password into a fake Microsoft login page.

As a result, two out of seven people put in their details. In both cases, their Microsoft 365 accounts were compromised.

Some of the emails contained malicious links, which security software may have detected.

Others linked to legitimate sites like DocuSign, but these contained links to the fake websites.

cyber criminals take lots of different approaches

The scammers adapt and evolve. So, we all need to stay alert and wise to their crafty games.

First case: within 15 minutes, 600 contacts were sent malicious messages. Our client’s account was quickly locked down and the attacker ejected. But the work that followed took hours. All 600 people had to be contacted. They were advised to take care and delete any suspicious messages.

Second case: the attackers simply watched. They waited for an invoice to be sent. Next, they proceeded to contact the recipient of the invoice. The scammers told them they’d updated their bank details, then insisted on payment being made to the new account immediately.

However, the person who received the messages demanding prompt payment figured something wasn’t quite right. As a result, they contacted our client by phone. Subsequently, we were notified, and were able to kick out the attacker and return services to normal.

ways to protect against scams

Generally, there are many ways of protecting against these kinds of attacks:

➡️ from geo-blocking (limiting which countries can log on)

➡️ to using password managers (which won’t offer credentials for fake sites)

➡️ through to enhanced email protection, which is something we’re now offering to all clients

smart email protection … what it does:

  • scans all of your messages
  • filters out the worst
  • warns you of suspicious signs in the rest

You’ll have a visible banner at the top of each email. This clearly explains the status of the message. The most suspicious emails will be colour coded. And you will have the option to report the messages for analysis. Importantly, you can mark them as safe or block them altogether.

Stay safer from email scammers, with our Email Guardian.

Meanwhile, contact us. We can help strengthen your defences against email-based attacks.