Recently, we added a new component to our employee benefits, establishing a relationship with a new vendor along the way.
As most new vendors do, this company sent a contract for approval and a signature via an email link to a file-sharing site.
The email, from a no-reply sender, was delivered to my spam folder. As I opened it and tried to click the link, I received an alarming warning about its contents. Our security tools warned that the link had failed one or more real-time security checks. The URL appeared to have similarities to various known phishing sites.
We are always cautious, but in this case, I knew that I would be uploading some sensitive employee information, and there was absolutely no room for error. I sent it immediately to one of our senior Client Security Advocates for him to research before I went any further.
Fortunately, he quickly identified several key characteristics, particularly of the included link, that had set off alerts in our security tools:
- The email text directed me to use a clickable “email activation” link.
- The link was described as “secure-share” and directed me to upload my file.
- The link mentioned that a “user id” was created for me and included in the body of the email.
- There was no historical interaction with this first-time sender.
Our security expert quickly cleared the sender and the email for me, and I was able to continue with my file upload knowing that the request had originated with my vendor and that the site was secure.
The entire process added just a few extra minutes, but clicking on a malicious link could have been catastrophic for our business.
If your employees are clicking on email links that you aren’t absolutely certain are legitimate, you are putting your entire business at risk. The vast majority of ransomware attacks start with a successful phishing attempt.
With our security and compliance clients, SIP Oasis provides employee training and email screening, along with many other layers of protection and tools, to defend your most critical intellectual property and resources.
If you’d like to schedule a brief, 10-minute call with us to determine if our services are right for your company, please feel free to book a time or give us a call at (205) 623-1200.