Spring Spamapalooza: is your inbox feeling like a spam festival? You’re not alone. Everyone has been getting more spam this spring.
A phish is a malicious email whose purpose is to either obtain login information and/or infect the recipient’s computer. Hackers are definitely having a spring spamlooza with lots of phishes for small business.
What do the phishes look like? Definitely seeing an increase in fake invoices. Usually the invoice is a poisoned PDF attachment though sometimes it’s an URL (web link) to a malicious web site.
Also seeing a lot of fake delivery notification emails with URLs leading to web site that a) try to infect your computer or b) capture login information. A lot of these purport to be from Canada Post. The fake Canada Post emails are usually easy to spot: all Canada Post emails are in both in English and then French.
Text Scams or Smishing
Text scams tend to be more topical: fake Ukraine relief appeals, something that has been in the news recently, tax refunds and delivery notifications. The example below is a fake tax refund link.
What are the goals?
Hackers want your banking information, credit information and logins to other web sites. Hackers really want your administrator access to Microsoft 365 or G-Suite accounts. With the Microsoft 365 or G-Suite access, hackers can buy themselves products licenses, harvest company email addresses and then use your email addresses to scam your clients.
Educate your staff regularly. Advise how to deal with invoices from unknown parties. Enable multifactor authentication (MFA) on administrator accounts.
While antivirus products might protect your from some of the malicious attachments and web links, your best defense is being vigilant and suspicious of unexpected emails and text messages.