Security Hints + Tips
Don’t Be Fooled by Workspace Tools
Many organizations use platforms such as Microsoft Teams, Google Drive, or Zoom to stay connected. Unfortunately, these trusted communication tools can lead to a false sense of security. Just like with traditional email, bad guys can use these platforms to launch a cyber attack.
Below are three examples of how cybercriminals use these platforms for phishing—and what you can do to keep your organization safe Lurking Recently, a cybercriminal gained access to an organization’s Microsoft Teams channel, which is similar to a group message or a chat room. The scammer lurked in the channel for nearly a year, reading messages, collecting data, and waiting for the perfect time to strike. Finally, someone asked that a file be shared to the channel and the bad guy used this opportunity to send a malicious ZIP file. When opened, the file installed malware that gave the scammer full access to the victim’s computer. Remember: If someone sends you a link or an attachment, verify that you know and trust the sender before you click. Playing Tag Remember: If you receive a suspicious notification, contact your IT department or follow the specific security procedure for your organization. Phony Notifications Remember: If an email asks you to log in to an account or online service, log in to your account through your browser—not by clicking the link in the email. |
The KnowBe4 Security Team KnowBe4.com |