Phishing might sound like something you do on a lazy Sunday afternoon, but when it comes to emails, it’s far from fun. 

Did you know that 9 out of 10 times, the nasty cyber issues start with a simple phishing attack? A single dodgy email can cause a whole lot of trouble. Phishing represents a significant threat to organizational security, with 90% of cyber incidents originating from these deceptive attacks. 

Recognizing and understanding the nuances of these threats can significantly fortify our defenses against them.


Evaluating Suspicious Emails

Getting a weird email can make you curious, but here’s what you should ask yourself before diving in:

  • Does this make sense?
  • Why did I get this?
  • Is someone rushing me to make a decision?
  • Are they asking for personal stuff or wanting me to click on a link?

If something smells fishy, trust your gut. It’s better to check directly with the person who supposedly sent you the email (but not by replying to it – if an attacker can send email as a person, they may be able to read it too). 

The Pund-IT team is always happy to help you check – we’d rather be “bothered” by 100 false alarms rather than have to clean up a single disaster.


A Field Guide to Suspicious Emails

Phishing Emails: Fraudulent emails designed to manipulate individuals into revealing sensitive information or taking other harmful actions.

Smishing: Phishing messages sent via SMS.

Spear phishing: Fraudulent emails targeting a specific group or individual in an organization.

Whaling: Fraudulent emails targeting senior executives at an organization.

Suspicious Emails may have unusual requests (“I need money urgently transferred”, or “we’ll suspend this email address if you don’t click here”), they may appear to come from someone you know (even have their normal signature and sign-off at the bottom!), they may look like normal communications, but the link is to some other site.

Sometimes they will come from an email address or domain that is very close to a domain you are used to.


How to Dodge the Phishing Hook

To mitigate the risk of phishing, adopting a multi-layered strategy is essential – remember, phishing is mostly an attempt to exploit human weaknesses.

Technical help comes in the form of steps such as:

  1. Implement multi-factor authentication (aka “2FA” – this makes your account much harder to take over, and can be easier to use than you might think!)
  2. Ensure you have a strong password – the internet has many suggestions – see if you can improve on your current password!
  3. Monitor for unusual activity — Did you know that we check for changes in administrative accounts and permissions as part of Pund-IT’s monthly checklists? Products that will monitor Email and Teams communications internally and externally for unusual activity also exist.
  4. Have systems that will start delaying/lock out if there are too many invalid attempts (most internet services large and small do this; Windows logins do this, etc.)

But the most important piece is people – Training and Testing helps keep people aware and more able to spot when something improper crosses their desk, and help them respond in safe ways.


The Pund-IT Way to Security and Awareness Training

Pund-IT has partnered with BullPhish ID to give you AnzenTraining, a comprehensive phishing training program.  This is about ensuring your team can recognize phishing attempts and know what to do. AnzenTraining is easy to follow and lets employees practice with real-life examples, so they get good at stopping phishing before it can do any harm.

Along side the training are phishing simulations, which give you a chance to identify staff who are most at risk.


How AnzenTraining Makes A Difference

  • Employee Empowerment: AnzenTraining provides simulation kits that prep your team to recognize and counter phishing threats efficiently.

  • Customized Learning Experiences: Through personalized training and hands-on practice, AnzenTraining educates your employees on various phishing tactics in a way that’s engaging and straightforward.

  • Proactive Defense Mechanism: Simulating real-life phishing scenarios, AnzenTraining arms your workforce with the knowledge to spot and stop cyber threats before they can do any harm, protecting your business from potential attacks.

Contributing Beyond Cybersecurity

Pund-IT’s commitment extends beyond digital security; we’re actively involved in the community through a year-round food drive. We accept canned and non-perishable food donations, with local pick-up services and a drop-off option at our office. It’s part of our mission to make a positive impact, both online and in the real world.


Exciting Announcement for Our Valued Clients

No Increase in PSG Rate This Year

We have some fantastic news to share! In our commitment to providing exceptional value and support to our clients, we are thrilled to announce that there will be no increase in our PSG rate this year. We understand the importance of predictable budgeting for your business, and we hope this decision supports your planning and growth in the coming year.

Looking forward to more years of serving you well,

The Pund-IT Team

Leave a Reply

Your email address will not be published. Required fields are marked *