By Greenshades Security
One of our clients recently alerted Greenshades to some suspicious direct deposit changes. After a quick and thorough investigation, it became clear that some end users had fallen victim to a phishing attack. The phishing attack was not directed at Greenshades’ login pages, nor did they appear to be the end game of the attack. However, the credentials obtained via the phishing email allowed the attackers to access other websites, including those employees’ GreenEmployee accounts.
Greenshades wants to remind you to be vigilant towards suspicious emails or emails with links that you do not expect. Although there is nothing you can do to be completely safe from attacks like this, here are some things you can do to help reduce the likelihood of falling victim to a phisher:
- Make sure your employees have an avenue or a contact that can help verify the authenticity of a suspicious email. Example: Security@domain.com.
- Conduct regular internal phishing campaigns to identify departments or users who are at high risk. This can be done through various third-party companies. It is also fairly simple to do in-house if you have developers on staff.
- Instruct employees who receive unexpected emails with links or attached documents to send an email to the contact (do not click reply; email them directly using a trusted address) and ask whether the message was intentional. Many times, phishing emails come from a trusted address and the owner does not know their email is being spoofed or compromised.
- Instruct employees to set up two-factor authentication (2FA) on any account that holds sensitive data and offers the feature. Every GreenEmployee account has the ability to enable 2FA.
- Lastly, reinforce these points with small, regular internal email blasts or a quick mention at company-wide meetings.
If you have any further questions, email email@example.com.