The Federal Trade Commission (FTC) Bureau of Consumer Protection released a study this month (March 2017) indicating that business entities could be doing more to stop malicious emails from hitting the inboxes of employees.  The goal behind many malicious emails is to trick individuals into turning over either their own confidential, personal information or confidential business information to which the individual has access due to his or her job responsibilities. Cyber criminals use social media sites such as LinkedIn, an entity’s own website, Internet search engines and other public resources to identify individuals with likely access to valuable information.  The attacker uses such information to compose an email that spoofs an otherwise legitimate sender, such as a bank, mortgage company, Internet service provider (e.g., AT&T,  Verizon, Spectrum, etc.), a business partner or even another employee.  These malicious emails are commonly referred to as “phishing email” or “spoof email”.

The FTC’s report, titled Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication (Report), states that many businesses are not taking advantage of Continue reading →