We wanted to alert you to a cybersecurity threat our engineers have successfully mitigated for several of our clients recently.
We’ve seen a rise in a specific type of cyber risk: malicious email links and attachments that appear to come from coworkers and other trusted sources like regular vendors or business associates. The links take many forms, but all of them purport to be a clickable link to a document, spreadsheet or pdf that you are invited to edit or review in the cloud.
When you receive a link to a document or email attachment from a known sender, it’s natural to assume the email is safe. Cybercriminals exploit this trust by spoofing your most trusted correspondents and sharing links and attachments that can infect your network with malware, steal your information, or even hold your data hostage in a ransomware attack.
Don’t Open Unexpected Email Attachments – Even from Trusted Sources
If any email account, such as one of your friends or business acquaintances is compromised, a hacker can use that account to send malicious links and attachments to all the contacts in the email account. When you open the link or attachment from someone you believe you can trust, your email account can be compromised. The cycle continues with all your contacts receiving an email with an expected link or attachment and the potential for ransomware and other damaging cybercriminal activity.
In some cases, if you click on the link in the email, you will be prompted to enter your Microsoft login credentials and follow the prompts to enter your multifactor authentication. In reality, you are giving hackers your corporate username and password. This further exposes you and your company to the potential dangers of cybercriminals.
Stay Vigilant And Don’t Be Fooled!
Attackers also use urgency in trying to betray your trust. And they often trick you into opening an attachment you weren’t expecting, under the guise of critical information such as receiving a past due invoice or update from HR.
When in doubt, don’t click! Contact the sender through a different method (like a phone call) to verify the attachment’s authenticity. The sender may not realize hackers are using their account.
If you believe your email account has been compromised or you may have entered your login credentials on a malicious website, please contact the Help Desk immediately!