Like most people you probably have more than one email account. You can’t get away without having a personal email address and you likely have to manage one for work as well. All this and you also have to manage each of these accounts across your desktop, laptop and probably a handful of mobile devices.
Confusing right? Luckily, there are things you can do to remove some of the noise such as linking your accounts. For the purpose of this video, we are going to assume that you have a personal Gmail account and an Office 365 account using Outlook for your work email. Just to add one more layer of confusion, let’s say you want to link all of these accounts in the mail application on your Windows 10 desktop computer.
In this video, we will show you how to add accounts to the Window 10 mail app, as well as linking the Gmail and Outlook so that you can access them from the same application.
When was the last time you almost lost $23,000 to a phishing email? This nearly happened to one of our clients this week. Fortunately, this phishing attempt was spotted before the funds were transferred, however, there are a few good lessons to take away from this story and we want to educate you so you can protect your company from these sorts of attacks.
“Bob’s Company” received an email at Accounting@Bobscompany.com. The email was from Bob@Bobsscompany.com.
The email wrote:
“Good Morning,
Please pay the attached invoice in the amount of $23,000.
Thank you,
Bob”
For the accounting manager, this was business as usual. The boss regularly sends requests to the accounting department to have bills paid. At a glance, there is nothing wrong with the email but in this instance, the tone of the email was unusual which caused for further investigation.
This phishing attempt was sophisticated enough to the point where the scam artist even took the time to forge a signature on the attached invoice that matched Bob’s signature. Fortunately, the accounting manager double checked with the boss before processing the transaction. What’s scary is just how close the accounting manager came to processing the payment which is a mistake any one of us could make. If they weren’t paying attention or were just in a hurry, anything could have happened.
What’s important to take away is just how predictable we are. Most companies operate the same way with similar departmental and communication structures. If this wasn’t true then social engineering scams wouldn’t work. This was a close call for just one company and it isn’t hard to believe that whoever sent this email has sent thousands of them and likely got paid on a handful.
These types of attacks are becoming more prevalent than any other because they are cheap, easy and work on businesses of all sizes. “Bob’s Company” is a small business, not a behemoth company that you surmise a hacker would go after. Small businesses are easy targets from a hacker’s perspective because many of them do not invest in security and user training like large companies do.
Some actionable steps you can take to avoid falling prone to this type of attack are:
Avoid using departmental emails like Accounting, Payroll or HR. This lets the hacker know that they are sending the phishing email to the right person making it more likely for the email to have the hackers desired effect.
Use regularly changing keywords when sending requests for a transfer of funds. Change this keyword every month and instruct your staff never to transfer funds without the keyword in the email. This is a really low tech solution but it works. These attacks are intended to trip you up when you aren’t paying attention. The majority of attacks never involve someone spying on your network and learning your passwords and company secrets. Simple though it may be, this is an effective form of two-factor authentication.
Use free spoof phishing tools like KnowBe4 to test your employees to see who is likely to click on phishing emails. Invest in those employees by training them on what to watch out for.
We are living in an ever-developing world where cybercrime is global, the barrier to entry is low and we humans are the weak link in the chain. Since cybercrime has such low risk and high reward these scams will become more frequent and sophisticated. Businesses will have to adapt to these changes and develop strategies to protect their resources. It is important to consult with your IT partner to learn how you can train your employees and set up security measures that will prevent this coming wave of cybercrime.
Are you curious to see who in your company is most likely to download a virus on your network? Well now you can find out and the best part is, its free. With KnowBe4 you can administer a range of free tools that will allow you to see which of your users is most likely fall for phishing emails.
The sad truth is that some people will click on anything that comes across their email inbox. This is how most network infections start. Till more recently, there hasn’t been a lot anyone could do to prevent this. KnowBe4 allows you to find those trouble users and train them so that this major hole in your network can be filled.
From a compliance standpoint, KnowBe4 offers actionable data that will allow you to show your HIPAA or PCI compliance officer that you are taking actions toward due diligence.
As an IT company, we do our best to prevent major disasters with layered security involving anti-virus, managed firewalls, Office 365 spam filtering, security permissions and most important, great backups. Even with all of these security measures in place, there isn’t a foolproof method to ensuring that a few phishing emails won’t slip by unnoticed. We rely on backups to get our clients up an running quickly but even under the best of conditions, it is still better for the virus to have never been clicked on to begin with.
For a small investment in time, you can’t afford to not use these great free tools from KnowBe4. Take a few minutes to watch our new video on how to get started with KnowBe4 and harder you users against malicious emails.
Every Microsoft product is designed to drive collaboration and efficiency. Microsoft OneDrive is no exception. Built as a solution to match the emergence of products like DropBox, OneDrive is integrated into the Office 365 offering and works seamlessly with all Microsoft Office products.
In this video, we will show you how to access and set up your OneDrive account that comes with five gigabytes of storage. OneDrive allows you to send files without having to use email or file transfer methods. Simply upload your files to the cloud and allow your team or any specific person to have access to them.
The real power of OneDrive is the ability to share data. OneDrive will act as a kind of backup, staying synced with the computer files that you have saved in OneDrive, however, OneDrive was intended to serve as a way for teams to collaborate with large files. Instead of trying to send a large file directly, you can simply upload your file to OneDrive send a link that will allow the recipient to download and work from anywhere in the world.
If you are using Office 365 then you should take a moment to set up your OneDrive account. Especially if you are paying for a product like DropBox. This will help save you a little money every month and will sync well with all the Microsoft products you already use.
Email was once considered the hub of communication for business, and for external correspondence, it generally still is. However, if you just need to have a quick conversation with someone on the other side of the office, email is clunky and slow. Fortunately, there is a new trend for internal business communication: chat services.
There are a few major players in the messaging space for business, namely Slack and Microsoft Teams. Both platforms allow for a seamless collaboration between team members that is far more efficient than relying on emails or in person meetings. This is especially effective for businesses that have remote employees who need to be able to chat and send files.
There are two main ways to communicate with these chat tools, aside from direct messaging between team members. You have the option to add as many team members to a conversation as you would like, which is great for collaboration between groups within a company. You can also create general chat topics that go out to the whole company, which is great for HR updates and general company-wide notifications.
No tool is complete without its ability to offer third party integrations. Slack offers a slew of apps and API integrations for just about every application you use. For example, maybe your sales team uses SalesForce, but you want your team to be able to communicate quickly to drive more sales. Slack offers apps and integrations for SalesForce so that all correspondence flow seamlessly from one platform to another.
The world of communication is swiftly changing. Although chat services have been around for many years with services like Skype, they have made a comeback within the business world. Instant messaging makes it faster to ask a quick question then it would be to spin around in your chair and talk to someone directly. If you are looking for a simple way to help your team communicate quickly and collaborate effectively, then you should talk to your IT partner about setting up a chat service within your company.
There has been a recent increase in phishing attempts across the US and it is concerning for many reasons. It is important to be aware of these issues and how these phishing attempts work so that you can protect yourself and your company. The unfortunate truth is that there is only so much you can do to block phishing emails from landing in your inbox in the first place. The only surefire way to prevent phishing attempts from becoming a problem is by training your users to keep a keen eye.
A phishing attack like the one shown above is an attempt to get you to give away some important information, usually credentials to an email account. In the past, phishing attempts have been highly generic like the “Nigerian Prince” scam that any most discerning individuals would understand to be malicious. Now that most people have become aware of the nature of phishing attempts, the scammers are having to become more sophisticated.
This means that phishing attempts will become increasingly difficult to distinguish from legitimate emails. As more and more emails are being hosted in the cloud through services like Gmail and Office 365, scammers have found a particularly effective way to trick people. These services will periodically ask you to verify your credentials or even change your password every 90 days. These routines can be hijacked to make you think that you are giving your information to your provider when really you are giving it to a scammer.
By looking at your publicly available DNS records, scammers can tell what email platform you are using. It is easy to set up a web page and design it to look exactly like the login page of any hosted email provider. Scammers will use this information to send you highly targeted emails asking you to verify your credentials for “security” reasons. Seeing that the email appears to be from a trusted source, and the link in the email supposedly leads to your hosted email provider, you are likely to enter your password giving the scammer access to all of your information.
In order to help you avoid these pitfalls, we have a few simple steps to follow that will help keep you safe.
Are you expecting the email? Maybe you are logging in from a new computer and the email host doesn’t recognize or trust your device. This is a good reason to expect an email with a link. If there is no reason to expect an email, then receiving one should be a red flag.
Inspect the email. Start by looking at the sender. Do you know them? Don’t just look at the display name; carefully inspect the email address that the email is coming from. Is the domain address spelled correctly? If not, this is likely a scam. Does the email use scary works like Urgent or Emergency? This should be a red flag as well. Also, be sure to check any external link addresses and if they lead to an obscure website, this is likely a scam.
Don’t use links. If you have reason to think that this email is legitimate, take one last security precaution and don’t use the link provided. If you need to verify your credentials then you will be prompted to do so the next time you log into your email account. Do a web search for the login page of your hosted email provider and log into your account from there. If you are not prompted to verify your login then you will know that the email you received is a scam. If it is a link from a known sender, you could also give them a call to verify that the link is from them.
Following these steps will allow you to filter out most phishing attempts that make it to your inbox no matter how sophisticated they become. These attacks rely on you making decisions while not fully paying attention, but they will never be able to fully copy the email provider they are trying to spoof. This means that if the email is not legitimate, then you will likely be able to point that out with a few seconds of careful inspection.
As always, be sure to work closely with your IT professional to ensure that you have a security plan in place. Phishing attempts can lead to data loss, security breaches and even significant lost revenue. It is always better to be preventative about these issues than having to deal with the aftermath.
Stressed businesswoman is frustrated and overworked at her desk and computer isolated on white background
Technology has driven a wedge into the profession of sales in a way that industry wasn’t prepared to deal with. On the one hand, you rely on it to keep you connected, but on the other hand, you also want it to protect you and keep your life private as well. Salesmen look to utilize every bit of accessible information to help them drive revenue. In the meantime, they create a lot of noise in your inbox that for the most part, you couldn’t care less about.
We have a unique perspective on sales because we are the purveyors of technology for our clients, and like every other business, also need to sell in order to grow as a company. This allows us to see how businesses are set up and how the technology can be taken advantage of in order to drive more sales. What we have learned is that there are a few ways to hide in plain sight so that you can only be reached by people you care about while remaining invisible to the rest of the world.
Problem #1: Email
Let’s start with email, the most important means of communication for businesses today. Except for when everyone knows your email address; then it becomes a time sink to delete thousands of emails just to get to the handful that are important. How does this happen? It starts when you set up your email address for your company. You choose your domain along with a format so that everyone in the company has basically the same email. This looks professional but the downside is that it is very predictable. For example, john.doe@domain.com might be the owner while sally.jane@domain.com might be the receptionist. Meanwhile, you can find the names of all of the key decision makers in your company on sites like LinkedIn, Facebook or Google search. Companies will happily give away contact information to lower level employees while not realizing that they are actually giving away every contact in the company.
Answer
You are playing with smoke and mirrors. If a salesman doesn’t know your email address, he or she is going to guess and they will likely figure it out by sending an email to the most common variations of email addresses that businesses use until they don’t receive a kickback email. The best bet is to have more than one email address. Have one that you use to get your work done and another that serves as a filter to catch all of the unwanted emails. Make your filter email predictable and easy to guess and use an uncommon variation as your important email. Additionally, you can also purchase another domain and use that for your important email separate from your web address domain. If a salesman is relying on guess work to get your email, it will be very difficult to put this together.
Problem #2: Phone/Voicemail
The second biggest issue is the dial by name directory and your personal extension. You may have hired the toughest gate keeper in the world but if a sales person knows your name and can use a dial by name directory, they might as well have your direct line. Even if you forgo the dial by name directory altogether, it is important to remember not to start your voicemail with “Hi, this is John Doe at extension 222” which accomplishes the same thing as far as any sales person is concerned. More often than this small human error, is the error built into your auto attendant that says “Hello, you have reached John Doe at extension 222. Please leave a message at the tone”.
Answer
If you are going to opt into the dial by name directory, you should make an effort to hide your name on all of your social profiles, especially LinkedIn, by setting your profile to private. Be sure that you are not giving away information for free by putting your email address and extension in your voicemail. Lastly, think carefully the next time you purchase a phone system and look at each feature to see how it may be used by a salesman to contact you. Many of these features can be customized, however, most of them are set to default which gives away the most information.
Problem #3: Social Media
Social media is making it very difficult to hide from people who don’t know who you are. It makes you look good to have a striking LinkedIn profile with lots of connections, but while you are advertising yourself, remember that that information is accessible to everyone. If a salesman stops by a company to leave some information and the gate keeper won’t give them the contact information for the decision maker, there is no need to lose sleep over it. It is more than likely that all the information they need will be right at their finger tips as soon as they log into their computer.
Answer
If you are going to have a LinkedIn profile, be sure to keep your profile private. In most cases, all a salesman needs is a correct name to get your email and to start flooding your voicemail inbox. The goal is to be easily accessible by those who already know who you are and by the people who you want to contact you, not by those who are looking to sell you something. It is also important to remember that companies like LinkedIn are playing both sides. While you can set your profile information to private, you can also pay for a Sales Navigator account to remove those privacy settings. The ultimate truth is that if you are going to put your information on the internet, it will be used by people who want to get in contact with you, even if you don’t want to hear from them.
It has gotten to the point where it is almost astonishing to not be able to find contact information for prospective clients online. Combine this with the human tendency to be predictable, and there are no barriers keeping your inbox from getting flooded. This can be troubling and can cause many distractions in your work life if you do not develop a strategy to keep your privacy under control. One way you can benefit from working with an IT partner is by setting up the systems that connect you so that they also protect your privacy.
As an IT support company, we are always telling our friends and clients to be cautious with what they click on or whom they give personal information to. Most people know to avoid giving money to a Nigerian price, but scams and phishing attempts are becoming more advanced every day. Many scam emails disguise themselves as people or companies we already know and trust. You must always be diligent to avoid falling for the latest tricks. Today, we came across a good example within our own company that illustrates why being cautious is so important.
Even IT Companies Get “Phishy” Emails!
What is wrong with this picture? First of all, Sara was not expecting to make any immediate transfers. Secondly, there is no reference to what is being purchased or the reason for a transfer of funds.
Once your alarm bells begin to go off, you will start to notice additional red flags. For example, what is wrong with williampote@etoptechnollogy.com? Notice that the domain etoptechnology.com only has one “L”, as seen in Sara’s email address. However, if you examine at William’s email address, you can see that it contains the wrong domain. If you did not closely examine the sender’s email address, this detail could easily be missed.
In addition to the wrong domain name, there is another tip-off that this email is a scam. The sender signed the email with the nickname “Bill,” but William does not go by Bill.
Had Sara missed these red flags and fallen for the phishing email, she may have replied to confirm that she is ready to make a transfer. She would likely have received a reply email with a link to a wire transfer site that would take her money, never to be seen again. Although this seems like a crude method to steal money, it has led to businesses losing millions in a single transaction.
What Can I Do?
No matter how good your firewalls, antivirus, and other security measures are, there will always be threats like these that slip through. Though the potential for phishing may be intimidating, you can generally protect yourself by following these tips:
1. Keep your guard up and be cautious
2. If you receive an email or any correspondence that you were not expecting, especially relating to requests for money or personal information, verify with the sender through an alternate source like a phone call. Wherever possible, attempt to find the sender’s contact information through Google or some other means, rather than contacting them through the information they supplied.
3. Always closely examine the domain in your senders’ emails and any subsequent websites you get directed to.
4. If you think you have received a phishing attempt, or you already fell for one and think your email or network has been breached, contact your IT provider immediately. Better to be safe than sorry!
One feature that frequently goes overlooked in Microsoft Outlook 2016 is the task feature. If you need a to-do list or a task list, you are probably more likely to find a third party tool rather than using the one that is built into Outlook. This feature works well, but is little known even among people who use Outlook frequently.
Since the task feature is integrated into a platform that manages email, contacts, and calendaring, it makes your to-do list flow seamlessly into the rest of your work life. Features such as the ability to assign a to-do to someone in your contacts using an email is just one example of how three of the different features in Outlook can work together.
In this video, we will show you how to set up new tasks and walk you through all of the features such as scheduling, reminders and automatically recurring tasks. Outlook will even allow you to categorize your task lists so that you can separate tasks in any way you like. As simple as this tool is, it is extremely useful and can help you maximize your day when you are wondering what you need to do next.
Everyone needs an automatic signature in their email. Setting one up is a simple process if you follow the steps in this how-to video. Generally, an email signature is made up of your name, job title, company name, phone number(s), extension, website, and reply email address.
The important thing to consider is how much information you should give out. Do you need to give away all of your information? If so, will everyone receive the same signature from you? You may want some people to receive all of your contact information, but you may want others to receive only your name.
For this reason, you may want to set up multiple email signatures. For example, if you are reaching out to a potential client and you want them to have all of your contact information, you can have a signature for that purpose. On the other hand, if you are replying to a sales person that is offering something that you don’t want, you can reply with a signature that just includes your name. There is no reason to offer your cell phone number to someone who is going to try to contact you to offer something that you don’t need.
This is an easy thing to overlook. In a business environment where you are already busy, you don’t need to sort through additional emails and phone calls. Take these steps now so that you can limit the amount of noise in your life and become more productive.