Don’t get hooked by a Phishing scam

By Colin Turnbull, BIC IT Manager
Learn how to spot scam emails so you don’t end up losing your shirt.

People fall for Phishing scams all the time, including IT-savvy people. That’s because Phishing emails are cleverly designed to catch you out. They are created to look like legitimate emails, maybe from your bank, a fellow employee or a customer.

A typical Phishing scam will trick you into clicking on a link or attachment that either infects your computer with malware or takes you to a website that looks legitimate, but is forged, and is designed to get you to hand over private information such as user names and passwords.

Increasingly, fraudsters are targeting specific individuals with sophisticated spoofs pretending to be from government departments, banks and major brands. Often the emails will have ‘Attention’, ‘Important Notification’, or ‘Your account has been revoked’ in the subject line. The growing reliance on email means it’s becoming progressively more difficult for recipients to distinguish between mimics and genuine correspondence.

With over 100,000 new Phishing scams every month, the risk of you becoming a victim is high unless you follow the steps below and, above all else, remember that when it comes to email you can’t really trust anything.

Always Think Twice Before Clicking on Anything

Phishing emails are cleverly designed and it is easy for users to be taken in. They can be remarkably credible, often appearing to come from an email address of someone you know; only the sender address is forged. Phishing emails are so clever at times that they are known as ‘Spear Phishing’.

People are generally receptive to email requests from what appears to be a legitimate source, and can easily be fooled into clicking on a link in an email. The consequences can be devastating for your organisation – just look at what happened to businesses caught out by the recent Ransomware attacks. (http://www.csoonline.com/article/3209086/hacking/top-10-phishing-email-subject-lines-that-launch-ransomware.html)

Unless you want to lose data or have your IT systems seriously crippled, you must ensure staff practise scepticism, even when things look legitimate. It pays to be a little bit paranoid.

Consider the Source

If you receive an email from someone you know but there’s something not quite right about it (it could be off topic, oddly worded, or contain an attachment or link you weren’t expecting), then beware! You may want to call them and check they have indeed sent it.
Many companies get hacked and their email systems compromised so it’s not unusual to get emails that appear to come from people you know – the email may well have originated from their hacked systems.

Deploy a Defence System

Anti-Phishing systems exist that can identify and disarm malicious emails. Forged sender addresses can be spotted, fraudulent links highlighted, and dangerous downloads blocked. Failing that, ensure users are vigilant and aware of the dangers.

If you do fall foul of a Phishing email then you will need to have a backup of your data that is easily accessible, so you can recover it and get back to work.

Please contact me for a free review of your anti-phishing defences. colin.turnbull@ne-bic.co.uk 0191 516 6200

Join us for a free cybercrime workshop, and pick up some useful hints and tips on the best way to ensure your systems are secure. Click here to book your place on Wednesday 11 October, 9:30 – 11:00 am.
