Stop Phishing Attacks From Draining Your Business Account: Tips to Arm Your Employees

After-hours calls for assistance usually mean serious issues. When the principal of a Radiant client reached out regarding a seemingly innocuous email issue, our support team became suspicious. Within minutes, we identified an email breach: one in which attackers had taken over the principal user accounts and changed the inbox rules to hide the compromise. In the time it took for the client to reach out for support, bad actors successfully initiated a large wire transfer out of the client's bank. Immediately, Radiant's support team worked to identify the affected user and change passwords as other Radiant team members removed the unauthorized inbox rules and helped the client retract and successfully reverse the wire transfer. Radiant support then scanned the rest of the company email accounts, hunting for other suspicious emails or changed rules, to confirm that the compromise was completely resolved.

Radiant reminded all users that efforts by hackers to compromise accounts and steal money are an ongoing threat and that each user has a part to play in keeping their company safe.  

DO NOT OPEN attachments from senders you do not know. It seems simple, but many users can't resist clicking. These emails may appear to come from familiar names within your company, but close scrutiny of the sender's email address may show, for example, a zero "0" in place of the letter "o" in amazon, giving amaz0n. Be particularly vigilant when a sender requests a wire transfer. When in doubt, don't "click and see." Call your support team immediately.

  • Treat passwords like your car/house keys. Do not make them easy to guess. New research shows that long passwords with a mix of letters, numbers, and special characters are far more difficult to hack than simple words.  
  • Never disable your Multifactor Authentication.  While MFA cannot keep accounts safe 100% of the time, your information is more secure with MFA in place.
  • DO NOT CLICK on any links in emails that you do not expect to receive. Many phishing emails work by pretending to alert you about expiring passwords or locked accounts, or by asking you to update your bank details. Ignore them and call your support team immediately.

Threats from cybercriminals are always evolving and extend well beyond the business enterprise, affecting many aspects of our daily lives. To take preventative steps and implement ongoing Security Awareness Training at your organization, contact Radiant Resources today.