What is Phishing?
In an effort to further enhance your company’s cyber defenses, we want to highlight a common cyber-attack that everyone should be aware of – phishing.
"Phishing" is the most common type of cyber-attack that affects organisations like yours. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details.
Although we maintain controls to help protect your network and computers from cyber threats, we rely on your assistance to mitigate these threats.
Types of Phishing to watch out for:
In this type of attack, hackers impersonate a real company to obtain your login credentials. You may receive an e-mail asking you to verify your account details with a link that takes you to an impostor login screen that delivers your information directly to the attackers.
Spear phishing is a more sophisticated phishing attack that includes customised information that makes the attacker seem like a legitimate source. They may use your name, phone number, and refer to in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. Using a fake domain that appears similar to ours, they look like normal emails from a high-level official of the company, typically the CEO or CFO, and ask you for sensitive information (including usernames and passwords).
Shared Document Phishing
You may receive an e-mail that appears to come from file-sharing sites like Dropbox or Google Drive alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials
What you can do?
To avoid these phishing schemes, please observe the following email best practices:
- Do not click on links or attachments from senders that you do not recognise. Be especially wary of .zip or other compressed or executable file types.
- Do not provide sensitive personal information (like usernames and passwords) over email.
- Watch for email senders that use suspicious or misleading domain names.
- Inspect URLs carefully to make sure they are legitimate and not impostor sites.
- Do not try to open any shared document that you are not expecting to receive.
- If you cannot tell if an email is legitimate or not, please contact Business IT and we will assist you in determining the validity.
- Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
You always need to take caution when you are asked to click on or provide login details from senders you do not recognise.
Business IT provides a mail filtering service and part of this service for clients includes a warning notification at the top of all incoming emails to help identify when an email is received externally in the business. We can also set up additional services that can help you train your staff to identify problematic emails.
For more details or a consultation please contact Business IT on 0800 248 277.