We've seen a recent spike in the number of phishing attempts using the strategy of domain duplication. This is a common tactic to lure unsuspecting users to click where they shouldn't. There's been a large concentration of this incident occurring in the Seattle Metropolitan Area, probably due to the rapid growth of new business, particularly in the Tech sector.
What Are the Hackers up To?
Hackers will purchase a domain that looks identical to your business' domain except for 1 character. So for instance, a hacker might purchase gooogle.com (with an extra "o") to make it look like the domain is really the google.com domain. Then, they will send one of your employees an email at that domain i.e. firstname.lastname@example.org. Other common tactics of this type might be to add an "s" to the end of a domain or to replace one of the letters with a symbol that looks like one of the letters. There are hundreds of emails that come across our desks each day and hackers are betting that your employees won't notice the discrepancy. And to be honest, it's working.
How to Spot It
This type of tactic is always very tricky to spot because we are used to responding to emails very quickly to get them off of our plate. You will need to add in one more step before you respond. Double check the email address. In many email platforms like Outlook or Gmail, the sender's name is displayed as first name last name. You will have to hover the mouse over the name in order to see the full email address. This is good practice in general because even if you can see the email address without hovering, it might be a mask for a different email address coming from a hacker. Hovering will allow you to see the true email address. Be sure also to utilize common sense. If a coworker sends you an email that seems out of character for them or they are asking you to click on a link you don't recognize, be sure to double check with them before clicking.
What To Do If You or Your Employee Accidentally Clicks
Contact your IT department or Managed IT Services Provider immediately. A majority of the time you will know that you have clicked on a malicious link because a ransomware message will pop up on your screen and you will be unable to retrieve of your files. If a ransomware message does not pop up on your screen, your IT department or Managed IT Services Provider will inform you that your system has been compromised. Your comprehensive security plan should include firewalls, network monitoring, backup and disaster recovery, and user training, so the damage of these hackers is greatly reduced, if not completely eradicated.
if you are concerned that your company is not protected, you can schedule an appointment or call (866) 575-9512 to reach a cybersecurity consultant.