What Makes Spear Phishing Different?

As a rule, spear phishing is a much more precise and personalized process. To keep to the “fishing” analogy, a generalized phishing campaign casts a wide net, trying to snare as many victims as possible with their scam. Utilizing vague and generic language, the ‘typical’ phishing attack is made to appear to come from a large organization, informing the user of some need for the user to take action, resulting in the hacker gaining access to the user’s information. This methodology makes the typical phishing attack fairly effective against many people, while simultaneously easier to spot if one knows the warning signs.

By comparison, spear phishing is far more precise. Instead of trying to find value in the quantity of targets snared in a trap, spear phishing takes the opposite tack. Using a highly targeted approach, spear phishing attacks are directed toward a specific individual within an organization.

This specified approach means that the generic messages that many phishing attempts leverage simply won’t be enough to fool the intended target. Instead, the hacker has to play investigator, seeking out as much information as they can about their intended target. Where do they work? What is their position in the company? Who do they frequently communicate with? Once the hacker has collected enough information to create a convincing message, they will typically spoof an email to their target. This email will usually contain some reference to a known contact or some in-progress project to make it more convincing and will request that the recipient download a file via a provided link.

However, while the link will direct to what appears to be a Google Drive or Dropbox login page, it is just another layer to the deception. Entering credentials into this page will give them right to the hacker for their use, breaching the user’s security and putting the entire business at risk in one fell swoop.

What Methods Do Spear Phishers Use?

Due to how spear phishing works, the messages sent by hackers need to be as convincing as possible. Combining extensive research with some practical psychology, a hacker has more ammunition to power their attacks.

As mentioned above, spear phishing is far less generic than the average phishing attempt. By referencing specific people, things, and events that mean something to the target, or appearing to come from an internal authority (a manager, perhaps, or even the CEO), the hacker can create a message that is less likely to be questioned. If the hacker writes their messages without any spelling or grammatical errors, as many spear phishers do, it only becomes more convincing.

These hackers are so reliant upon their target being fooled; many will purchase domains that strongly resemble an official one. For instance, let’s say you owned the domain website-dot-com. If a hacker decided to pose as you to launch a spear phishing attack, they might purchase the domain vvebsite-dot-com. Without close inspection, the switch may not be noticed - especially if the hacker creates a good enough lookalike website.

Am I A Target?

Of course, the research that a hacker has to do to successfully pull off a spear phishing attack is extensive - not only do they have to identify their target, they also have to figure out the best way to scam this target. Generally speaking, a hacker seeking to leverage spear phishing will focus their efforts on anyone in an organization who could potentially access the information that the hacker wants but isn’t high up enough in the organization to question an assignment from above.

Or, in more certain terms, a business’ end users.

In order to minimize the chances that a spear phishing attack will be successful against your company, you need to make sure that everyone subscribes to a few best practices. For example:

• Pay attention to the finer details of an email. Is the message actually from , or does the email address actually read ? Did Christine/Kristine include any attachments? As these can be used to spread malware via email, you should avoid clicking on them unless you are certain the message is legitimate.
  
  
• Is the message written to sound overly urgent? Many phishing messages, especially spear phishing messages, will try to push an action by making it seem as though inaction will lead to a critical issue. Another warning sign to look out for: any deviation from standard operating procedures. Don’t be afraid to question a sudden switch from Google Drive to Dropbox - it may just be the question that stops a spear phishing attack.
  
  
• Speaking of questioning things, don’t hesitate to make sure that any messages you suspect may be spear phishing aren’t actually legitimate through some other means of communication. A quick phone call to the alleged sender will be well worth avoiding a data breach.
  
  

While spear phishing is a considerable threat to your business, it is far from the only thing you need to worry about. Coleman Technologies can help your business secure its IT solutions and optimize them for your use. To learn more, subscribe to our blog, and give us a call at (604) 513-9428.

Those familiar with the online version of Gmail will find all of this quite familiar, as Smart Compose has been predicting their next words for some time now. It will seem newer to those more familiar with the Gmail application in macOS and Windows, as it hasn’t been available there until now. 

Using Smart Compose on Android Devices

The first thing you’ll have to have in order to use Smart Compose is an active Google account, with the latest version of the Gmail application installed on your chosen device. As you type, Smart Compose will present its predictive text suggestions that a user can either accept, or just keep typing to ignore. While this form of machine learning is pretty basic, it does demonstrate how a device can “learn” how a user is most likely to use it - in this case, what word is likely to come next in the user’s sentence.

Turning Smart Compose Off (and On Again)

Of course, some users may find these suggestions inconvenient or distracting. That’s totally fair, and means that these users should deactivate the Smart Compose feature. Access the Gmail app’s menu by pressing the hamburger icon at the top left. You should see your Settings from there. You will be asked to choose from the accounts that have access to your device. Once you’ve selected the appropriate account, look under General settings to find Smart Compose. Use the toggle switch to activate it or deactivate it as you please.

While Smart Compose may not be quite as impressive as the artificial intelligence that appears in feature films, it has one major advantage over them: it can actually be used to benefit your business. For other ways that you can give your business operations a boost through technology solutions and tips, subscribe to our blog! You can also reach out to us directly by calling (604) 513-9428.

Stay Organized Whenever Possible

Any business owner receives countless emails on a daily basis, and when they all collect in one place, they can quickly become overwhelming. The issue with this is that, when you have to focus on too many messages at once, it’s more likely that you’ll miss important messages, focus on the wrong tasks, or even respond to messages thinking they are different ones, creating some messy confusion. If you can’t determine what’s important in your inbox, how can you even be productive? We recommend placing filters on your inbox so that you can determine a message’s importance, sender, topic, and even more to navigate and sort your inbox in the most efficient way possible.

Allocate Time to Your Inbox

You should always set aside a specific amount of time every day to deal with the emails you receive. If you don’t, chances are that you will get sidetracked by a task and possibly miss out on responding to important emails. One thing to keep in mind when considering how quickly you should respond to emails is that messages that are the most important aren’t going to come in your email inbox. The ones that are critical will likely come in other forms, such as someone within your organization knocking on the door or giving you a phone call to make the issue known.

Use Alternative Communication Methods

If you find yourself stuck with a perpetually full inbox, perhaps you could benefit from sending or receiving fewer messages. If the message is short or a simple notification, perhaps it would be better to use alternative means of communication, such as an instant message. This is particularly great, as it cuts down on the back and forth required for a quick conversation, as well as takes the urgency out of a situation.

Make a Quick Phone Call

Sometimes a matter is too important to leave to an email. In cases like this, making a phone call is the most prudent. Furthermore, meeting in person can take this advantage one step further, as you eliminate the possibility of intent being misconstrued altogether, making it much easier to be as clear as possible.

To learn more about how you can eliminate the pains of email, reach out to us at (604) 513-9428.

One Account, Two Accounts, Three Accounts, Four…
Based on your work responsibilities and how your office is structured, it is quite possible that you need regular access to multiple email accounts. You could have one you use internally, one for communicating with clients, one to reach out to vendors, one to use to sign up for resources… you get the point. When all is said and done, that’s a lot of email messages.

However, you presumably have other work responsibilities beyond just checking your email, so switching between all of them just isn’t a practical option. Well, it just so happens that you won’t need to switch, as the email client you choose will be able to consolidate these multiple accounts for you. Before we get into how, we need to make sure that we’re speaking the same language here.

- An email account is the individual address used to send or receive a message. In your organization, you might have and . Likewise, each employee may have a different account for their different responsibilities - for instance, and .

- An email client is the program that allows you to send and receive emails. Gmail and Microsoft Outlook are two perfect examples. If you have multiple clients stored on the same server, they can be used pretty much interchangeably, each client presenting all emails. An email client also has a few features that enable you to better keep track of multiple email accounts, provided you have set it up to do so.

Let’s go over your options now.

Multiple Inboxes
The people who developed the email clients that we use weren’t naive. They understood that a given user isn’t going to be tied down to a single email provider, and certainly not a single account. This is why email clients can support multiple inboxes, assuming they are configured correctly. Multiple inboxes allow a user to access a single client to manage multiple email accounts, streamlining the process greatly and enabling customized organization.

Multiple Email Personalities
On the other hand, some users don’t mind leveraging one inbox, but might still need to utilize more than one address in their correspondence. There is also a method that enables the use of a single, catch-all inbox, but enables the user to select which email address (in this case, known as personalities) their response is sent from.

To do so, you will first need to set up an email account that you do not give out, as it will serve as the catch-all address that all of your emails ultimately accumulate within. Once it has been set up, you need to set all of your other accounts to forward their contents to that mailbox - your internal IT resource should be able to help.

Once your messages are all being sent to the catch-all account, you will be able to respond to these emails from the address that they were originally sent to.

Setting Up Inboxes and Personalities
In order to accomplish either of these tasks for your client of choice, you will need to adjust a few settings.

Gmail
To add another account to your Gmail client, you’ll need to access your Settings, which means you have to click on the gear icon. Once you’re in your Settings, you should see a tab labeled Accounts and Import. Under that tab, there is a Check mail from other accounts section. Click on Add a mail account, and follow the instructions provided.

To add additional personalities to your Gmail account, you’ll need to again navigate to the Accounts and Import tab. There, you will find a section labeled Send Mail As, with the option to Add another email address. This will also allow you to choose your default email address.

Outlook
As it happens, there are too many different versions of Microsoft Outlook and too many variables to allow us to provide a walk-through. Fortunately, Microsoft does offer some documentation that instructs users how to manage their "connected accounts.” Of course, you can also call (604) 513-9428 for our assistance, as well.

Are there any solutions that you frequently use that you’d like some extra tips for? Tell us which ones in the comments section, and don’t forget to subscribe!

Microsoft’s Dedication to Security

Microsoft has as good of a handle on the nature of cybersecurity as any other major software company. The sustainability of their business and the effectiveness of their products are dependent on it. If their security software didn’t work well, there is no way they could sustain their place as the world’s most important software company, right?

One problem they are running into is that their security is SO effective, that hackers had to shift the ways they tried to infiltrate networks and steal data. The establishment of phishing is a social engineering term for duping a victim into downloading software that’s only purpose is to gain access to their personal data, which leads to data and identity theft, and in the case of business computing, access to much more.

Businesses Have Trouble with Security

Today’s business has to deal with a lot of different security issues. First, they are responsible for having the technology protections connected to each part of their computing infrastructure. This can be as simple as having the router-supplied firewall and an antimalware program loaded on their server. It’s likely, however, that the average business will need more coverage over their network to secure it, and the data stored behind those security platforms.

Next, and maybe most crucially, it is the business’ responsibility to train its staff on what kind of issues to look out for. Today, most malware infections and other infiltrations are the result of a mistake made by a person that has credentials and access to data. If your organization doesn’t properly train your staff on how to eliminate these threats, there is a fair chance that your network will be inundated with some type of malware at some point.

Microsoft 365 Security and Compliance

Microsoft, acknowledging the need for an enterprise product that combines the power of their Windows 10 operating system, the productivity options presented from Office 365, and powerful security and compliance controls, has launched Microsoft Office 365. The cloud-based solution presents the core computing resources that any business could use in a product that is available right now from Coleman Technologies.

Our knowledgeable technicians can help you find the right security platform for any of your business’ computing needs. Call us today at (604) 513-9428.

Of course, moving to a cloud-based email solution might seem a little intimidating--especially if you’ve never dealt with a cloud-based service before. We’ll help you make the jump with four tips and tricks to consider for this process.

How is Your Email Being Hosted?
First, you’ve have to determine whether the solution will be hosted in your own personal on-site cloud or if a service provider will host it. If you opt out of managing your own cloud-based email solution, you’ll have to determine if a public cloud is the best place for your email, or if you’d rather have it hosted privately by a managed service provider like Coleman Technologies.

Be Sure to Include Archiving and Backup
If you’re not taking advantage of archiving and backups for those archives, you could be putting your business in jeopardy. What if you ever have to refer back to past emails to determine who said what in the event of a disaster? You should be sure that you are routinely archiving your emails, as well as backing up those archives to make sure they are always available when you need them.

Don’t Forget About Security
If you’re storing your organization’s email infrastructure online in the cloud, you’ll have to worry about the security of it. Make sure that it’s protected--a firewall, antivirus, and especially encryption. With the amount of sensitive information found in most inboxes, you need to keep it secure.

Consider the Devices Used
When choosing an email solution, you should think about which devices will be accessing it. Most of the common email applications out there, including Gmail, Microsoft Outlook, and so on, will have mobile applications that can be downloaded to devices for on-the-go access. After all, if you’re implementing cloud-based email to improve access, you want to make sure your employees actually have access to it.

To learn more about how your business can take advantage of cloud-hosted email solutions, reach out to us at (604) 513-9428.

Spam Inundation

If you've been using email for a while either professionally or personally you have almost certainly gotten email from people you don't know. Most of these emails are blatantly unwanted while others can look 'almost' legit, as if a real person is trying to contact you. Often (and unfortunately) spammers can get your email address when you put it online or use it to register for accounts on sites on the internet. The good news is standard spam protection is getting better these days, and more advanced spam protection is cost effective for businesses that need the extra layer of protection. Spam can cause a lot of harm for a business network if it isn't kept under control - spam can bog down email servers and eat up network bandwidth and plus it drastically slows down employee productivity because they need to sift through it all just to find their real email. If you and your staff are getting more than a few spam emails a day, contact us at (604) 513-9428 and ask about our anti-spam solutions.

Don't Open Attachments from Unsolicited Emails

This has been a golden rule for general email usage for a very long time. If you received an email from a stranger and there is an attachment, don't touch it. If you receive an email from a contact and there is an attachment, but anything is suspicious, don't touch it. This goes the same for links - if the email was unexpected and just seems fishy, it is possible your contact's email may have been compromised. Use your judgment on this, but remember it isn't your contact trying to trick you, they are merely the victim of a similar hoax from one of their contacts. If you have any doubt, simply reply or pick up the phone and ask them about it before continuing.

Keep your Computer Safe

Be sure to keep antivirus definitions up to date, and run scans regularly. Running adware and spyware removal software at regular intervals is important too. Be sure your Windows Updates are up to date as well. For businesses, you'll want to invest in network protection to keep external threats from leaking in. Even for small British Columbia businesses, security and threat management is important to keep operations running smoothly and to prevent expensive downtime and data theft.

Don't Rely on Email for Storage

Everyone has done this at least once; you are working on a report or document on one computer and you email it to yourself in order to pull it up on another computer. That's fine as long as you mind your inbox capacity, but you shouldn't rely on email for storing files, not even as a reliable backup. Imagine having to painstakingly pick through all of your email to restore your most important files. It doesn't sound like a good idea now, does it? On top of that, email isn't any less prone to data corruption or loss than any typical storage solution, and unless the server hosting your email is backed up with a reliable solution, it could be here today and gone the next.

Encrypt Sensitive Data

If you send sensitive data to other recipients, you will want to consider email encryption. Some industries require this. Email encryption simply scrambles the message while it is being sent, and depending on what type of encryption, will descramble itself or allow your recipient to log in to a secure location to view the data. Although email encryption services vary, most of them are very cost effected especially when put beside the risks of sensitive data getting leaked and stolen. Give us a call at (604) 513-9428 to learn more about email encryption and what solution is right for your business needs.