Our Blog: Stuff we think you should know

Haber Group has been serving the New York area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Tip of the Week: How to Protect Yourself from Invoice Impersonation

Tip of the Week: How to Protect Yourself from Invoice Impersonation

As cybercriminals become increasingly sophisticated in their methods of attack, it is important that your staff--the ones on the front lines--are educated to spot these attempts and know what to do if one is encountered. In order to spot these attacks, it is important to know what to look for.

Unfortunately, the increased sophistication of these attacks have made them harder to spot and resultantly, harder to avoid. This has led to a rise in the use of an attack vector known as an invoice impersonation attack. When utilizing these attacks, a cybercriminal will send a message under an assumed name (often one that belongs to a regular contact in actuality) that includes an invoice number and a link, presumably to download the invoice.

However, rather than downloading the invoice, as expected, the target of an attack will discover that they have actually downloaded some malware. This is often how ransomware is introduced into a system.

Warning Signs
To avoid falling victim to an invoice impersonation attack--or any form of email phishing or fraud--your users should know to keep their eyes out for any warning signs.

Messages containing a payment request and link
One of the bigger security issues with the concept of email is the fact that most users can only take it on good faith that the message comes from the person it appears to have. There is no voice to identify as someone else’s, and no handwriting to compare to the actual person’s.

Therefore, if an email comes from someone with a request for payments to be made, with a link to what is claimed to be a payment portal, don’t click. You might have just dodged a ransomware program delivered via a phishing attempt.

How to Protect Your Business (with the Help of Your Employees)
Phishing attacks, including invoice impersonation attacks, rely on their target to trust the content enough to not question if the sender is who they say they are. As such, they can be avoided with a little mindfulness on the part of your employees.

Make sure your employees know to keep an eye out for risk factors. Requiring regular training sessions as well as testing their cybersecurity mindfulness will help to keep awareness alive and well among your staff members.

Furthermore, you should have updated spam filters and malware blockers installed to help minimize the risk that these messages even make it to your staff in the first place. This is where Haber Group can help.

If you’re interested in the solutions we have that can help make cyberthreats a non-issue, give us a call at 866.625.3560.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, 24 May 2018

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Cloud Technology Email Hackers Privacy Malware Business Internet Business Computing Hosted Solutions Computer Microsoft Software Ransomware Backup Windows 10 Google IT Services Network Security Android Mobile Devices Smartphone Small Business User Tips Data Management Hardware Browser Productivity Windows Gmail Data Business Continuity Internet of Things Managed IT Services App Tech Term Cloud Computing Server Saving Money Artificial Intelligence Managed Service Provider Phishing Encryption Remote Monitoring Facebook Office 365 Upgrade Smartphones Efficiency Data Recovery IT Support Microsoft Office Tip of the week Disaster Recovery Big Data Spam Business Management Social Media Word IT Support Productivity Data Backup Cybersecurity Innovation Government Workplace Tips Office Tips Outsourced IT Infrastructure Data storage Communication Bandwidth WiFi Windows 10 The Internet of Things Money Vulnerability Miscellaneous Apple Firewall Settings Managed IT Services Customer Service IT Management Content Filtering Passwords Two-factor Authentication Robot Risk Management Antivirus Employer-Employee Relationship Chrome Analytics Augmented Reality Vendor Management Mobile Security Mobile Device Safety Outlook Scam Paperless Office Search Tablet Administration Holiday VoIP IBM VPN Password Data Security Mouse Wireless Apps Customer Relationship Management Virtual Private Network Network Wi-Fi Hacking End of Support Storage Server Management Hosted Solution Save Money Telephone Systems Presentation Maintenance YouTube Hacker Virtual Reality Avoiding Downtime communications Office Wireless Technology SaaS Recovery Printing Website Unified Threat Management Computing Google Drive Monitors Data loss HIPAA Business Technology LiFi BYOD Automation Applications Modem Downloads Computer Care Touchscreen Scary Stories Value Break Fix Shortcut Disaster Superfish Drones Spyware IT Technicians Cookies Multi-Factor Security Training Fun Undo Writing Uninterrupted Power Supply Sports Professional Services Dark Web Hotspot Patch Management Social Automobile Education Application Gadgets Mirgation Nanotechnology Google Calendar Humor Deep Learning Virtualization Retail Solid State Drive USB Net Neutrality Language Hacks Networking Budget How To Remote Computing Users Chatbots Social Engineering Screen Reader Legislation sip Heating/Cooling Bring Your Own Device IT service Hard Disk Drive Buisness Dongle FCC Computing Infrastructure Firefox IT solutions Identity Smart Tech Comparison telephony Servers Best Practice Politics BDR Collaboration User Title II Alerts Techology Cortana How To Connectivity Specifications Document Management Business Growth Tech Support Google Maps Competition File Sharing Downtime Online Licensing Mail Merge Current Events Unified Threat Management Legal 5G Samsung Network Congestion Compliance IoT Black Friday Dark Data Identity Theft Statistics Alt Codes Websites Cybercrime Microsoft Excel Cooperation Address Going Green User Error Quick Tips Knowledge Computers Marketing Regulations Star Wars Cyber Monday Bluetooth Typing Corporate Profile IP Address Blockchain Staff Printer Operating System VoIP Unified Communications Experience Display Social Networking Cost Management Smart Technology Cryptocurrency Running Cable WannaCry Virtual Desktop Mobile Office Permissions Wearable Technology Access Control Time Management Hard Drives Motherboard Assessment Distributed Denial of Service Digital Payment Bitcoin Cabling Laptop Mobile Device Management Chromebook Information Technology Router SharePoint Google Docs Network Management Refrigeration Public Speaking Internet Exlporer Managed IT Service Fraud Managed IT Windows 8 Halloween Google Wallet Digital Lithium-ion battery Lenovo Work/Life Balance Error Point of Sale Black Market Law Enforcement Physical Security CrashOverride Twitter Staffing Gadget Administrator Personal Information Web Server GPS Computer Repair Cameras Processors Tracking Health Service Level Agreement Mobile Computing CCTV Alert Electronic Medical Records Travel G Suite Notifications Upgrades Supercomputer Botnet Motion Sickness Taxes Crowdsourcing 3D Printing IT Budget Machine Learning Update Emergency IT Consultant Unsupported Software Relocation Domains Meetings Cleaning Mobile Data Private Cloud Webcam Emoji