301-571-5040    Get SUPPORT

Washington Works Blog

Washington Works has been serving the Bethesda area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Tip of the Week: How to Protect Yourself from Invoice Impersonation

Tip of the Week: How to Protect Yourself from Invoice Impersonation

As cybercriminals become increasingly sophisticated in their methods of attack, it is important that your staff--the ones on the front lines--are educated to spot these attempts and know what to do if one is encountered. In order to spot these attacks, it is important to know what to look for.

Unfortunately, the increased sophistication of these attacks have made them harder to spot and resultantly, harder to avoid. This has led to a rise in the use of an attack vector known as an invoice impersonation attack. When utilizing these attacks, a cybercriminal will send a message under an assumed name (often one that belongs to a regular contact in actuality) that includes an invoice number and a link, presumably to download the invoice.

However, rather than downloading the invoice, as expected, the target of an attack will discover that they have actually downloaded some malware. This is often how ransomware is introduced into a system.

Warning Signs
To avoid falling victim to an invoice impersonation attack--or any form of email phishing or fraud--your users should know to keep their eyes out for any warning signs.

Messages containing a payment request and link
One of the bigger security issues with the concept of email is the fact that most users can only take it on good faith that the message comes from the person it appears to have. There is no voice to identify as someone else’s, and no handwriting to compare to the actual person’s.

Therefore, if an email comes from someone with a request for payments to be made, with a link to what is claimed to be a payment portal, don’t click. You might have just dodged a ransomware program delivered via a phishing attempt.

How to Protect Your Business (with the Help of Your Employees)
Phishing attacks, including invoice impersonation attacks, rely on their target to trust the content enough to not question if the sender is who they say they are. As such, they can be avoided with a little mindfulness on the part of your employees.

Make sure your employees know to keep an eye out for risk factors. Requiring regular training sessions as well as testing their cybersecurity mindfulness will help to keep awareness alive and well among your staff members.

Furthermore, you should have updated spam filters and malware blockers installed to help minimize the risk that these messages even make it to your staff in the first place. This is where Washington Works can help.

If you’re interested in the solutions we have that can help make cyberthreats a non-issue, give us a call at 301-571-5040.

HIPAA and Wearables May Clash in the Near Future
Will 2018 See Any Changes to Your Infrastructure?


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, 23 February 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Cloud Best Practices Business Computing Malware Hackers Privacy Network Security Software Business Microsoft Backup Ransomware Email Productivity User Tips Mobile Devices Android Smartphone Internet Computer Managed Service Provider Office 365 Efficiency Small Business Managed IT Services Google Windows 10 IT Services Hosted Solutions Encryption Business Continuity Business Management Data Management Data Recovery Communication Work/Life Balance Workplace Tips Remote Monitoring Smartphones Tip of the week Productivity Hardware Outsourced IT Browser Social Media Cloud Computing Server Paperless Office Windows Government Password Cybersecurity Windows 10 Save Money App Holiday IT Management Hosted Solution Apps Unified Threat Management Word Money Facebook Virtual Reality Big Data Innovation Risk Management Phishing Disaster Recovery How To IT Support SaaS Antivirus Data Backup Collaboration Twitter Wi-Fi Mobile Security Managed IT Services Computer Care Robot BYOD Maintenance Recovery Training Business Technology File Sharing Physical Security Hacker Chrome Office Automobile Saving Money Alert Health Infrastructure Scam Samsung Computing Two-factor Authentication Vulnerability Mobile Device Bandwidth Politics Data Taxes Tech Support Data Security Telephone Systems Websites Server Management Virtual Private Network Artificial Intelligence Firewall Botnet Employer-Employee Relationship Automation Document Management HIPAA Cyber Monday Personal Information User Error Time Management Private Cloud Update Applications SharePoint Passwords How To Downtime Identity Theft Cortana Smart Technology Hotspot Network Management Web Server Error IT Technicians IBM Downloads Managed IT Analytics Supercomputer Remote Computing Distributed Denial of Service Microsoft Office Computer Repair Language Touchscreen Cameras IT Support Corporate Profile Communications Chromebook Mirgation Customer Relationship Management Multi-Factor Security Outlook Lenovo Cybercrime IT Budget Processors Managed IT Service Computing Infrastructure CCTV Cabling Law Enforcement WannaCry Google Calendar Shortcut Break Fix Superfish Firefox Digital Payment IT Solutions Alerts Gadget Monitors Staffing Emoji Legislation Patch Management Dark Web Vendor Management Travel Upgrades Mobile Device Management Electronic Medical Records Licensing Heating/Cooling G Suite Disaster Data loss Network Mouse Microsoft Excel Networking Motion Sickness Augmented Reality Legal Cooperation Servers Uninterrupted Power Supply YouTube Office Tips WiFi Tablet VPN Social Internet of Things Quick Tips Notifications Sports Staff IT Consultant Settings GPS Budget Comparison Gadgets Blockchain Google Drive Meetings Gmail Statistics Solid State Drive Digital Administrator Tracking Specifications Mail Merge Permissions Techology VoIP Webcam Machine Learning Wearable Technology Upgrade Printer Bluetooth Education Hard Disk Drive Address Spyware Virtualization Black Market Black Friday Wireless Fraud Unified Threat Management Avoiding Downtime Point of Sale Crowdsourcing Relocation Search Access Control Cleaning CrashOverride VoIP Presentation Emergency 5G Wireless Technology Marketing IP Address Website Customer Service Mobile Office Domains Hard Drives Spam Public Speaking Lithium-ion battery Safety The Internet of Things Hiring/Firing Competition Fun Users Miscellaneous