Early Warning Signs Your Employees Need to Look Out for and Report to IT

Editor’s note: In recognition of National Cybersecurity Awareness Month this October, we are publishing a series of blog posts dedicated to educating and informing you about cybersecurity practices. This is the fifth in a series of posts. Below, you can find a list of links to the rest of the series:

• What is a Pig Butchering Scam and How Do You Protect Yourself?
• 6 Conditional Access Policies You Should Turn on Now
• Tips for Running an Effective Cybersecurity Awareness Campaign
• What is Quishing and How Do You Protect Yourself?
• My Dad Lost Thousands of Dollars in a Romance Scam. Here’s How They Work and How to Protect Yourself
• NIST Releases New Password Rules: What Does It Mean for You?
• 7 Reasons Your Organization Needs Cybersecurity Insurance (Posting Oct. 16)
• Why Does My Organization Need Cybersecurity Insurance and an MSP? (Posting Oct. 21)
• Why Keeping a File with Passwords on Your Computer is a Terrible Idea (Posting Oct. 23)
• How Do Passwords Get Hacked? (Posting Oct. 28)
• Why Does Social Engineering Happen? (Posting Oct. 30)

Each year, phishing attacks continue to rise. It’s no longer a matter of “if it happens.” Now, it’s a matter of “when it happens.”

According to email security provider Egress’ Email Security Risk Report 2024, 94% of cybersecurity decision-makers had to deal with a phishing attack in 2023, up 2% from the previous year.

Additionally, bad actors continue to get more efficient with their attacks, as 96% of targeted organizations were negatively impacted, compared to 86% during the previous year.

We’ve previously discussed the importance of taking phishing training seriously because it only takes one malicious URL to cripple your organization. Making matters worse, phishing attacks are becoming harder and harder to detect thanks to the popularity of AI to craft legitimate-looking emails.

Security awareness is not something only one employee needs to worry about. It takes every employee to stay vigilant to keep your organization protected.

As a reminder, here are some warning signs your employees should look out for and report to your IT team or managed service provider.

Unexpected Multifactor Authentication Requests

Also known as multifactor authentication prompt bombing, unexpected MFA requests are a social engineering tactic where attackers obtain account credentials and send authentication requests to users, hoping they will approve them and grant access to the account or system.

If you receive an unexpected MFA request, do not approve it. An unexpected MFA request means an attacker has your username and password and is attempting to log in to your account.

If you accidentally approve an unauthorized MFA request, you have granted access to the attacker. Don’t panic but do take immediate action by notifying your IT department or managed service provider.

They will be able to assess the damage and take the appropriate measures to secure your account and prevent further attacks.

Your IT team will assess the damage and take appropriate measures to secure your account and prevent further attacks. Once you alert them, sign out of all devices using the options available in many applications. If you’re unsure how to do this, your IT team can handle it for you.

Next, change your password to a strong and unique one you haven’t used before.

Finally, check your account for suspicious activity, such as changes to your account information or unauthorized purchases. If you see anything unusual, alert your IT team or MSP immediately.

Receiving Strange Emails

According to Astra, a cybersecurity firm, about 1.2% of all emails sent are malicious. While this may seem like a small percentage, considering the volume of emails sent globally, it amounts to approximately 3.4 billion phishing emails per day.

Every employee will eventually receive a phishing email, even if they haven’t already. Hopefully, they’ve been trained to spot the telltale signs of a phishing attack.

These signs include:

• “From” email address misspellings or addresses that don’t match who or what they are claiming to be.
• Misspelled words within the email.
• Requests for personal or sensitive information.
• URLs that direct to unofficial sites.
• Emails that create a sense of urgency, asking you to act immediately or ASAP.

There also are login credential-stealing scams that ask you to update your Microsoft 365 password, activate a security tool or ask you to sign in to your Microsoft account because you were signed out.

These scams take you to bogus websites designed to look like legitimate Microsoft sites and ask you to log in to your Microsoft account. This is how they steal your login information and lock you out.

High Volume of Unexpected Sent Emails

If you notice a high volume of emails that you didn’t send, it’s a strong indicator your account has been compromised.

Attackers often use hacked accounts to send phishing emails to other potential victims.

If you see a flurry of sent emails, especially ones you don’t recognize, report it to your IT team immediately. They will help secure your account and stop unauthorized emails from being sent.

Your Account is Locked Out

If you find yourself locked out of your account, it could be a sign of brute force attempts or other unauthorized access.

Brute force attacks involve trying many passwords in rapid succession until the correct one is found.

If an attacker succeeds or makes too many attempts, you could be locked out. Always report any lockouts to your IT team to investigate and secure your account.

Recognizing Website Redirects

Website redirects occur when you are browsing online and suddenly find yourself on a different website than the one you intended to visit.

This can happen for a variety of reasons, but when it occurs unexpectedly, it’s often a sign of malicious activity.

Attackers use website redirects to direct users to phishing sites or sites that download malware onto their devices.

These malicious websites are designed to look legitimate, tricking users into entering their personal information or downloading harmful software.

Here are a few ways to recognize and respond to suspicious website redirects:

• Unexpected Redirects: If you click on a link or type a web address and are taken to an entirely different site, this is a major red flag. Legitimate websites typically don’t redirect users without clear indications.
• Frequent Pop-ups: Being bombarded with pop-up ads is another sign of a malicious redirect. These pop-ups can be used to lure you into clicking on unsafe links.
• Browser Warnings: Modern browsers often warn you if you’re about to visit a dangerous site. Pay attention to these warnings and do not proceed if you see them.
• Phishing Pages: Be wary if the redirected page asks for sensitive information like login credentials or personal details. Legitimate sites rarely ask for this information out of the blue.

If you encounter an unexpected redirect, close the browser window immediately. Do not enter any information or download any files from the redirected site.

It’s important to report these incidents to your IT team or managed service provider, as they can investigate and take steps to protect your network.

Get the Right Tools to Protect Your Team

Fortunately for our clients, we make it easy to report suspicious-looking emails. A Phishing Alert Button notifies our team of potential phishing emails.

Our team will investigate the email, and if it is determined to be phishing, it can be pulled from the inboxes of other employees before they have a chance to click any malicious URLs.

If the email is deemed safe, it is returned to the user’s inbox.

If you don’t have a Phishing Alert Button, you should notify your IT team or MSP of the suspicious email. However, it is imperative you don’t forward the email to others asking if it is a phishing attempt.

Forwarding a phishing email increases the likelihood that the attack is successful. Instead, take a screenshot or have an IT professional look at the email on your computer.

If your organization hasn’t had any formal security awareness training, now is a good time to start.

If you have had security awareness training, but your employees aren’t taking it seriously, hopefully, this information will persuade them to use that training to keep your organization safe.

Remember, training is not a one-time thing. Technology changes warrant multiple training sessions per year to keep employees updated with new and emerging trends, as well as reinforce basic training.

Security Awareness Training Can Save Your Organization

If you’d like to learn more about our Security Awareness Training, contact us here to learn how we can help secure your sensitive data.

Did you like this blog? You can subscribe to our newsletter to receive a weekly email with our latest blog posts.