Blog

When the People You Trust Phish You

When the People You Trust Phish You

Having success in business often relies on developing trustworthy relationships. You have to trust your vendors and suppliers to get you the resources you need, you need to trust your staff to complete their tasks without putting your business in harm's way, and you need to trust your customers to buy the products and services that you offer. Running counter to these necessary bonds of trust are people actively soliciting people’s time, energy, money, and attention for their own selfish purposes.

Cybercriminals don’t care what kind of good will you’ve forged, all they want is your data or access to your network. This blind determination is a major threat to businesses like yours. One of the most prevalent scams is what is called a Display Name Spoof. It isn’t just your regular phishing scam, and today, we’re going to teach you everything you need to know to ensure that you aren’t a cybercriminal’s next victim.

What is Display Name Spoofing?

Display name spoofing is a spear phishing tactic where hackers will target an individual—who typically has access to the network or resources that the hacker wants access to—and sends them a vaguely worded email that is seemingly sent from a trusted source, often an authority figure. Since the email address and title look legitimate, subordinates who forsake security for alacrity can put your whole business in jeopardy.

It works like this: Many professional emails will have a signature. Display name spoofers use  this to their advantage. What they will do is target a person, research them to find someone that could potentially get them to act impulsively, and use that information to phish the user. Below is an example of a display name spoof phishing attempt:

As you can see, the only thing that looks illegitimate here is the actual email address and since some email clients don’t actually show the address by default, you wouldn’t blame a dutiful employee for following the instructions in the spoofed email. 

What Can You Do to Combat Display Name Spoofing? 

At your business, you have cameras, You have locks on the doors. You’ve developed secure access control procedures to ensure your employees have the authorizations they need to do their jobs. Why would your strategy change when aiming to protect your business’ most important asset? 

Just like with physical security, you need a strategy to protect your digital assets. Part of that strategy has to confront the fact that your business is going to get phished and that it is your responsibility to ensure that your employees are well trained, and therefore knowledgeable about how to identify and respond to these situations. 

Here are a few tips on how to ascertain if a message is legitimate:

  • Thoroughly inspect both the name and sender’s email address before you take action.
  • Check the content for misspellings or completely incorrect uses of grammar.
  • Consider if the sender would send a message asking you to take cavalier action.
  • Consider if the sender would ask you to send them authorization credentials through email.

If there is any reason that the recipient has a notion that the email is not legitimate, implore them to verify. Getting a verification of the email’s legitimacy typically takes minutes and can really help eliminate the risks that display name spoofing can bring to your business.

If you need help understanding how to identify phishing tactics, train your employees to do the same, and knowing what steps to take when you realize you are dealing with a phishing attack, contact the IT professionals at White Mountain IT Services today at 603-889-0800.

Related Posts

Did you know that, of all the vulnerabilities your business has to cyberthreats, your employees are one of the riskiest, simply due to their exposure to your business technology? If your business isn’t secure, it will become incredibly more difficult...
Despite its whimsical name, phishing is a very serious threat to everyone, especially today’s businesses. This means that you need to be prepared to identify its warning signs and avoid risky situations. Here, we’re offering a few tips to help you do...
Phishing has quickly become the most predominant form of cyberattack due to the method’s simplicity. It solely relies on a user’s gullibility. The weakest link to any business is typically the employees. In order to protect your business, you and you...
It is not as difficult as it might seem.  If your systems are currently working, we can easily back them up, lock down the network, and then document everything about your infrastructure.  If your systems are not currently functioning prope...
Network security entails a ton of different procedures, and it can be easy to lose track of what you’ve already implemented, and what still needs to be done. Instead of worrying about keeping your business’s confidential data safe, know with certaint...
When you think of the Internet of Things, does your mind immediately wander into the realm of connected devices that change the way we interact with each other? Or, does it consider the security issues that can potentially become a threat to your ent...
All types of businesses use cloud resources as a part of their IT infrastructure. It allows them to turn what was once a major capital expenditure into a controllable operating cost; and, it does it while offering solutions to almost any business pro...
The online world is a scary place. Viruses, malware, spyware, adware, and more are all out there trying to get at your network. These threats are almost always prevalent, but compared to each other, some are vastly superior and far more dangerous and...
Accessibility and mobility are important parts of a business’s data infrastructure. To this end, some businesses take advantage of a Virtual Private Network (VPN), which has the power to extend a personal network over a private network like the Inter...
Even the most innocent Internet user can fall victim to the stray hacking attack, and it’s all thanks to the manner in which malware reverse-engineers software. This process is how a hacker finds vulnerabilities in software. However, a new security c...
Just like Silk Road (the illegal online black market designed to smuggle drugs around the world), there exists an online trade for zero-day exploits. Unsurprisingly, hackers find it exceptionally lucrative to sell these exploits for profit. Now, ther...
People use and reuse old passwords time and again, and then they get two-factor authentication to augment their fifteen-character passwords. Wouldn’t it be great if your computer could recognize you just by how well you recognize others?...

Onsite Service Coverage Area

Although we provide remote services and support to businesses in over 20 states, onsite services are limited to within reasonable driving distance from our office in NH.  For locations outside of our service area, we will manage a local vendor to provide onsite assistance when needed.

 

Onsite Computer Support Services are available to businesses within 100 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH, and then down into Boston. From Northern and Central Mass, we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.

 

White Mountain IT Services
33 Main Street, Suite 302
Nashua, New Hampshire 03064

 

603-889-0800

map nashua4 1

 

Open Positions