As experienced IT professionals we get a lot of panicked phone calls from clients with employees who may have just fallen victim to an email phishing scam.

For the uninitiated, a phishing email is one that appears to come from someone you know, or from a source that has contacted you in the past. Normally, the sender's email address will differ in some slight way, hiding the fact that the email actually comes from a malicious source looking for access to your personal or company data.

Once a recipient opens the email, they'll be asked to click on a link for what appears to be essential or urgent information. Clicking the link will launch malware or ransomware on the computer, and possibly spread it across an entire network of users.
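A simple illustration of the sender-address trick described above, added here as an example and not taken from the original post: it parses a From header, compares the sending domain against a trusted list, flags near-miss look-alike domains by edit distance, and flags a display name that claims a brand the domain does not belong to. The trusted domains, brand table and sample headers are all constructed for illustration.

```python
from email.utils import parseaddr

# Constructed illustration values; not the real headers from any incident.
TRUSTED_DOMAINS = {"google.com", "accounts.google.com"}
BRANDS = {"google": {"google.com", "accounts.google.com"}}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From header ('' if none)."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_sender(from_header: str) -> str:
    """Classify a From header: ok, lookalike, brand mismatch, unknown or invalid."""
    name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    if domain in TRUSTED_DOMAINS:
        return "ok"
    # One or two character edits from a trusted domain is the classic look-alike.
    for trusted in sorted(TRUSTED_DOMAINS):
        if 0 < edit_distance(domain, trusted) <= 2:
            return f"lookalike of {trusted}"
    # Display name drops a brand name, but the domain is not one of that brand's.
    for brand, domains in BRANDS.items():
        if brand in name.lower() and domain not in domains:
            return f"claims {brand} but sent from {domain}"
    return "unknown"


if __name__ == "__main__":
    for hdr in ("Google <no-reply@accounts.google.com>",
                "Google Security <security@g00gle.com>",
                "Google <alerts@mail-update-service.net>"):
        print(f"{hdr!r}: {check_sender(hdr)}")
```

Real mail filters combine checks like these with SPF, DKIM and DMARC results on the message; this block only shows the address-inspection part a reader can do by eye.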

Hillary Clinton aide falls for email phishing hack

Phishing is a pretty common tactic, and to the trained eye it's pretty easy to spot. That's why we were taken aback recently to learn that the email hack of the head of Hillary Clinton's campaign, John Podesta, was launched through a fairly simple phishing scheme.

According to reports, Podesta received an email purportedly from Google, telling him that his account had been compromised and he was instructed to click a link in the email to change his Gmail password. Podesta, fearing this might be some sort of scam, sent the email to the campaign's IT director. The director looked at it, and replied that the email appeared to be "legitimate."

While the IT director would later say he meant to type "illegitimate" in his response, Podesta's next move of clicking that link to change his password gave hackers access to over 60,000 highly sensitive emails archived in his Gmail account. The hackers then turned the emails over to whistleblower Julian Assange of Wikileaks, and the rest is history.

Whether the revelation of Podesta's emails led to the defeat of Clinton in the Presidential race of 2016 is not for us to say. However, it shines an even brighter light on phishing scams and the damage they can do to your personal life or your business.

How to defend against phishing scams

We've written several times over the years about email scams, but it doesn't hurt to repeat the following safety tips when it comes to malware and ransomware.

1) Don’t open or download email attachments from unrequested sources. If you didn’t ask for it, then you probably don’t want it. If you’re unsure whether it’s safe to open, use Outlook’s built-in preview pane to look at the file instead of double-clicking or downloading it.

2) We’ve all had an occasion where we need to send a private document, knowing that emails are backed up and stored someplace and that the information is a bit too sensitive to send in plain email. Consider email encryption options to prevent data loss and exposure.

3) Keep current on your updates. We’re all guilty of it at some point or another: you see the annoying little window pop up above the clock and think “not right now, Adobe, Java, or Windows”. That’s exactly what an exploit kit user thrives on. By not patching the holes in your security you leave yourself open, and the longer you go without these updates, the more vulnerable you become.

Chicago IT company BKS Systems

Does your small to medium-size business have problems with email phishing, malware or ransomware infection? Chicago IT consulting company Business Knowledge Systems can help protect you! We offer a full suite of IT consulting services, including spam/virus filtering and monitoring, cloud-based backups and storage, endpoint management and Microsoft Office 365 services. Contact us to take charge of your company’s IT today.