Our Blog: Stuff we think you should know

Haber Group has been serving the New York area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Tip of the Week: How to Protect Yourself from Invoice Impersonation

As cybercriminals become increasingly sophisticated in their methods of attack, it is important that your staff--the ones on the front lines--are educated to spot these attempts and know what to do if one is encountered. In order to spot these attacks, it is important to know what to look for.

Unfortunately, the increased sophistication of these attacks has made them harder to spot and, as a result, harder to avoid. This has led to a rise in the use of an attack vector known as an invoice impersonation attack. In these attacks, a cybercriminal sends a message under an assumed name (often one that actually belongs to a regular contact) that includes an invoice number and a link, presumably to download the invoice.

However, rather than downloading the invoice, as expected, the target of an attack will discover that they have actually downloaded some malware. This is often how ransomware is introduced into a system.

Warning Signs
To avoid falling victim to an invoice impersonation attack--or any form of email phishing or fraud--your users should know to keep their eyes out for any warning signs.

Messages containing a payment request and link
One of the bigger security issues with email is that most users can only take it on good faith that a message comes from the person it appears to come from. There is no voice to recognize, and no handwriting to compare to the actual person’s.

Therefore, if an email comes from someone with a request for payments to be made, with a link to what is claimed to be a payment portal, don’t click. You might have just dodged a ransomware program delivered via a phishing attempt.
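The warning signs described above can also be checked mechanically before a message reaches a user. The following is an added example, not code from Haber Group or any particular mail filter: the address book, function names, keyword patterns and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book: display name -> address that contact really uses.
KNOWN_CONTACTS = {"dana reyes": "dana.reyes@supplier.example"}

# Illustrative patterns (assumptions, not a complete rule set).
INVOICE_RE = re.compile(r"\binvoice\s*(?:no\.?|number|#)?\s*:?\s*[A-Z]*-?\d{3,}", re.I)
PAYMENT_RE = re.compile(r"\b(?:payment|remit|amount due|overdue)\b", re.I)
LINK_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def warning_signs(raw_message):
    """Return the sorted warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    body = "\n".join(p.get_payload(decode=True).decode(errors="replace") for p in parts)
    text = msg.get("Subject", "") + "\n" + body
    signs = set()
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        signs.add("assumed_name")  # familiar name, unfamiliar address
    if INVOICE_RE.search(text):
        signs.add("invoice_reference")
    if PAYMENT_RE.search(text):
        signs.add("payment_request")
    if LINK_RE.search(body):
        signs.add("link")
    return sorted(signs)

def hold_for_review(raw_message):
    """Hold any message that pairs a link with an invoice or payment request."""
    signs = set(warning_signs(raw_message))
    return "link" in signs and bool(signs & {"invoice_reference", "payment_request"})

# Constructed sample messages (not real mail).
SPOOFED = ('From: "Dana Reyes" <billing@payments-portal.example>\n'
           "Subject: Invoice #INV-48213\n\n"
           "Hi, payment for invoice #INV-48213 is overdue.\n"
           "Download the invoice here: http://files.invalid/INV-48213\n")
LEGIT = ('From: "Dana Reyes" <dana.reyes@supplier.example>\n'
         "Subject: Lunch Thursday?\n\n"
         "Are we still on for Thursday?\n")

if __name__ == "__main__":
    for raw in (SPOOFED, LEGIT):
        print(warning_signs(raw), hold_for_review(raw))
```

A held message should be confirmed with the contact through a channel other than the email itself, since a genuine invoice from the real address trips the same link-plus-payment check.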

How to Protect Your Business (with the Help of Your Employees)
Phishing attacks, including invoice impersonation attacks, rely on their target to trust the content enough to not question if the sender is who they say they are. As such, they can be avoided with a little mindfulness on the part of your employees.

Make sure your employees know to keep an eye out for risk factors. Requiring regular training sessions as well as testing their cybersecurity mindfulness will help to keep awareness alive and well among your staff members.

Furthermore, you should have updated spam filters and malware blockers installed to help minimize the risk that these messages even make it to your staff in the first place. This is where Haber Group can help.

If you’re interested in the solutions we have that can help make cyberthreats a non-issue, give us a call at 866.625.3560.



Sunday, 18 February 2018
