Don’t get “Phished”
‘Phishing’ is the most common type of hacking attempt in use today. Just a couple of years ago, few people had heard of the phrase, however it’s now in the Oxford Collins dictionary alongside other words we didn’t know we needed, such as Spam and Cybercrime.
It is highly likely that you have seen or received a phishing email. The most common of these used to be an email supposedly from DHL or some other courier stating you had a delivery waiting and needed to log in to pay a delivery charge before the package was sent on.
Usually these were quite clearly fake, badly written and with appalling grammar, so much so that common sense would override the need to find out about this mysterious package that you had been sent. However, if you follow the link provided in the email and entered your debit card details, you may as well have just handed your bank details to a thief.
Nowadays we are pretty much wise to these types of basic scams, we know to check the senders address and we know not to just click links in random emails.
However, the scammers now have better technology, spell checkers; and are able to spend a little more time analysing their targets in order to best exploit them.
A typical phishing email today will look identical to a genuine email and will likely come from someone you know.
This is because although the initial attack may be random, once they find a weakness, they will dig in deep and trawl through your personal and business information, making notes of who you send emails to, who your friends and co-workers are, what companies you purchase and supply goods with. They will also attempt to find as much financial information as possible.
Once they have this information, you have lost control over your online identity. They can redirect and send messages from your accounts, perhaps telling your customers you have new bank details, or even sending an email to your Finance controller asking for funds to transferred somewhere.
Of course, the email that gets sent will be worded exactly in your particular style, maybe even using nicknames. Your finance controller may query this via email, however you won’t see this email and the hacker will reply with confirmation that it is ok and please go ahead.
These are not hypothetical scenarios or scare tactics, the above examples have all occurred to local companies. In the week of writing this, I have seen three companies fall victim to exactly this type of scam.
So what can you do to protect yourself and your organisation?
- Multi-factor Authentication – Effective protection for your Office 365 accounts from compromise.
- Vade Secure – The most effective way to protect your mailbox, using AI and the very latest Machine Learning techniques.
- CSSCloud Support – Our proactive support and award winning security solutions combine to offer your organisation the highest levels of protection available.
If you would like further information on our solutions and what we can offer to protect your organisation from theft, fraud, ransomware, data breaches and loss, call us on 01493 801 801.