Important that we meet discuss speerfishing attacks over business comunicatons. We need to make plan about this IMMEDIATELY. Please click on the link [uurl.callender.com] to make an appointment with IT for quick tutorial.
There are several things wrong with this email, and hopefully, you noticed them. All are red flags you can look for to avoid fake meeting requests or calendar-invite scams.
Business Email Communication (BEC) scams are not new. For example:
In 2020, BEC attacks were the most lucrative scam. The US estimated cybercriminals made over $1.8 billion with this approach. Beyond money, falling victim to a BEC attack also costs your business time and reputation. Here’s what to look for and how to protect against BEC scammers.
How BEC Scams Work
With many more people working from home and meeting virtually, there’s been an uptick in BEC spearfishing attacks.
On Gmail, the bad actor needs only your email address to send an invite that adds to your calendar by default. Then, you might click on what appears to be a meeting link, which actually takes you to a malware site.
Zoom has also become an attack vector. You get an invite to a meeting that asks you to login into Microsoft Outlook. You’ve done it so many times before, except this is a fake login page, and it’s set up to steal your access credentials.
How to Protect Against BEC Scams
Educate your users. As with any other type of email scam, users need to learn to be careful about the links they click. Some indicators to look for, which you can see in our opening example, include:
Email addresses, links, and domain name inconsistencies are more bad signs. Plus, be wary if something seems too good to be true (a free laptop?) or is an unusual request (transfer $1 million from the CEO’s account).
Google Calendar users can go into General settings, then Event settings, and switch off “Automatically add invitations.” Instead, select “No, only show invitations to which I have responded.” Also, under Events from Gmail, you can stop calendar events auto-generating based on your inbox. Keep in mind, though, that you’ll also be blocking legitimate events.
In these days of the hybrid workforce, we’re used to clicking on links from Zoom, Google Docs, and Microsoft Office as part of our daily workflow. The cyber bad guys know this and are taking advantage of it. Unsubscribing from email lists, keeping your email private, and reporting spam to IT can all help.
Your business might also benefit from working with a managed service provider to use a third-party spam filter. Our experts can also review your cybersecurity posture and identify areas to improve your defenses.
Contact us today at 262-515-9499
The importance of information technology in meeting business objectives continues to grow. Regrettably, the shortfall in professionals who can manage business tech is also growing. Learn what the IT skills gap means for you.
Technology helps businesses meet strategic priorities. This includes:
In CompTIA’s research into the “State of the IT Skills Gap,” the skills disparity is widening. And it’s doing so at a worrying rate. Nearly half of CompTIA’s respondents said the skills gap had grown in scope/depth over the past two years. That's 46%, indicating significant or moderate growth in their businesses.
That may not even capture the problem accurately. Only 44% of CompTIA’s respondents felt they had the know-how to identify and assess IT skills gaps on their own.
IT Skills Gap IssuesThe IT skills gap affects strategy and also impacts staff productivity and customer service/customer engagement. The shortfall in IT savvy individuals also impacts security, particularly:
Plus, the IT skills gap can slow the adoption of emerging technology. This sees businesses struggling to upgrade existing hardware and software. They aren't able to use artificial intelligence, automation, or the Internet of Things.
The shortage also hurts data integration, management, and analytics. Software or app development can also suffer.
How to Address the GapThere are many ways businesses can improve the IT workforce pipeline. Providing on-the-job experience through internships or apprenticeships may work, as might encouraging IT employees to pursue new certifications and credentials.
Investing in tech talent is another way to promote your business objectives. Without the right IT support, you could end up buying the wrong technology or struggle to deploy it. Instead of adding agility and efficiency, you’ll slow things down and may compromise security, too.
With the IT environment constantly evolving, it’s difficult for businesses to keep up. Many firms can’t keep up with the rising compensation requirements, keeping internal IT trained is expensive, too. Then, if IT talent leaves, they take their business infrastructure knowledge with them.
The solution? Partnering with a managed service provider (MSP). With an MSP you gain experts that always stay on top of the latest events and are always trained up. Yet you don’t have to pay for their conferences and ongoing training. You typically pay a consistent set fee for the services you need.
Our experts can help update your infrastructure, deploy new systems, and secure IT.
Contact us today at 262-515-9499
Tech Force Blog
We provide you with important, practical tips and insight for your technology and networks for both home and business.