Just like fishing, there are many ways to reel one in and attackers will try anything to get you to bite.
These people are very skilled at what they do and can create emails that look so much like the real thing that even the savviest staff member can easily be caught out at the end of a busy day. For that very reason, phishing scams are often deployed towards 5pm or last thing on a Friday when people just want to get home and take their eyes off the ball. Just like the fisherman sitting patiently at the riverside, hackers know that if they wait long enough, someone will bite sooner or later.
When most people think of cyber-attacks and data breaches, they think of a hooded hacker hammering away at the keyboard in a dark corner somewhere using complex commands to get past firewalls and steal passwords.
The reality is that imposter emails, or phishing emails, are the most common entry point for hackers. And unfortunately, the perpetrators of this simple scam don’t have to know a lick of code to pull it off.
Phishing emails play to our innate psychology. By impersonating a person or organization with a high level of authority—and urging immediate action—these emails are dangerously persuasive.
Given the success rate of phishing attacks, phishing emails will continue to be a growing problem for business and consumers alike. Here are just a few examples of phishing emails in use over the past year:
Attackers get creative when it comes to imitating trusted brands and authority figures, creating email addresses or adding titles to the associated email to make it look like it’s coming from someone it isn’t.
For example, if your boss’s email is email@example.com, you may receive an email from firstname.lastname@example.org and not notice the difference if the bolded name next to it displays his/her first and last name. Double-check that the domain ending is legitimate or doesn’t have a subtle spelling error to confirm authenticity. Look for these same mistakes throughout the email as well.
Attackers also use this tactic to pressure you into making a decision in haste. If you receive a message from an authority figure, like your boss, asking you to do something quickly, err with caution. Your boss should not ask to you send credit card information or route money to another account via email. If you do receive a call-to-action such as this in your inbox, pick up the phone and call the person to ask if this is a legitimate request.
The below list are other common scams:
There are ways to avoid falling prey to phishing attacks. Here are a few top tips:
Stay Informed. Education is everything, and that goes for you and your staff members. New scams are being developed every day, so it pays to sign up to regular updates and guides that will keep you in the loop. Cyber Security training for all IT users is also highly recommended so you can be confident that everyone knows what to look out for.
Always be suspicious. OK, so it’s a bit miserable going through life being cynical but there are some situations where it pays to expect the worst. If an email doesn’t look quite right, it probably isn’t. If you’re not sure, just hover over the link before clicking on it to see where it leads to. If you don’t recognize the website address or it’s full of funny looking symbols, avoid like the plague.
Get protection. Install anti-virus protection, SPAM filters, web filters and anti-phishing toolbars and make sure they’re always kept up to date. Failure to install
the latest patches and updates leaves organisations wide open to threats. Monitor the anti-virus status of all equipment, particularly mobile devices that are used outside of the working environment.
Think ahead. Develop a robust IT security policy that includes everything from Bring Your Own Device to password management and backups. Make sure all sensitive company information is encrypted and that all mobile devices – including those that belong to staff members – have to pass security protocols before they can access your network.
The best way to keep the phishermen away? Put your IT security in the hands of trusted professionals. Contact Us.