Cybersecurity attacks can sneak into your emails, sometimes without being detected, so it’s important that you and your team are vigilant. These attacks are called “phishing”.
You may wonder what phishing is, or maybe it’s something you’ve heard of but not in detail. We’ll teach you all about it in this article.
What Is Phishing?
Phishing is a type of attack that is carefully planned out by cybercriminals. It can be targeted at a specific company, or it could be a mass email going to millions of businesses.
Phishing can be done via email, text message or an instant message on social media platforms.
Attackers pose as a trusted company or business and send links in their message or email, with potentially disastrous consequences if clicked on. The main aim is to steal user data, such as login credentials and credit card numbers, often to hold the data to ransom or for identity theft purposes.
Common Examples Of Phishing
- The fake invoice scam. The most popular phishing template out there
- Email account upgrade email
- Advance-fee text message
- Google Docs
- PayPal scam
- Message from HM Revenue
- Dropbox scam
- “Your password needs reset” email
- Amazon voucher scam
Reasons Email Accounts Get Hacked
The most common reasons email accounts get hacked are not logging out on shared computers, poor password habits and phishing scams.
Even if your business has strong security measures in place, some phishing emails can still sneak through undetected. It’s important to know what the signs are.
Phishing can lead to devastating consequences for your business. It can lead to identity theft, theft of customer data, stealing of funds and unauthorized purchases.
The Signs Of A Phishing Email
The signs for you and your team to look out for are:
- Public Email domains
- Misspelled domain names
- Bad grammar and spelling
- Suspicious attachments/links
- Sense of urgency
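Four of these signs can be checked mechanically before a message reaches a reader. The sketch below is an added example, not part of the original article; the domain lists, urgency keywords, risky extensions and the sample message are assumptions constructed for illustration, and bad grammar and spelling are left to human judgment.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed lists for illustration only; tune them to your own mail flow.
TRUSTED_DOMAINS = {"paypal.com", "dropbox.com", "amazon.co.uk"}
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
URGENCY = re.compile(r"\b(urgent|immediately|suspended|final notice)\b", re.I)
RISKY_EXT = (".exe", ".js", ".scr", ".html", ".iso", ".docm")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signs(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    signs = []
    if domain in PUBLIC_DOMAINS:
        signs.append("public email domain")
    if domain not in TRUSTED_DOMAINS and any(
            edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        signs.append("misspelled domain name")
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''} {body.get_content() if body else ''}"
    if URGENCY.search(text):
        signs.append("sense of urgency")
    if any((part.get_filename() or "").lower().endswith(RISKY_EXT)
           for part in msg.iter_attachments()):
        signs.append("suspicious attachment")
    return signs

def sample_message():
    """Constructed sample: lookalike sender, urgent wording, HTML attachment."""
    m = EmailMessage()
    m["From"] = '"PayPal Support" <service@paypa1.com>'
    m["Subject"] = "Urgent: your account will be suspended"
    m.set_content("Confirm your details immediately using the attached form.")
    m.add_attachment(b"<html></html>", maintype="application",
                     subtype="octet-stream", filename="invoice.html")
    return m.as_string()
```

Calling `phishing_signs(sample_message())` flags the lookalike domain, the urgent wording and the attachment; a result like this is a reason to quarantine or report a message, not proof on its own.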
Measures Your Business Can Put In Place
- Have appropriate cybersecurity practices in place to stay one step ahead. If attackers do succeed, they won’t get much further.
- Cybercriminals are good at manipulation, so don’t punish staff if they happen to fall victim. Instead, learn from it and teach them how to spot the signs and, most importantly, to report any suspicious
- Employees need to be aware of the threats they face, as cybercriminals may pose as a senior member of staff giving orders, creating a false sense of urgency. This manipulation heightens emotion, so employees may fall victim to it
- Regular staff awareness training on cybersecurity and password training
- Phishing emails can hit an organization of any size and type. You might get caught up in a mass campaign (where the attacker is just looking to collect some new passwords or make some easy money). Or it could be the first step in a targeted attack against your company, where the aim could be something much more specific, like the theft of sensitive data. In a targeted campaign, the attacker may use information about your employees or company to make their messages even more persuasive and realistic. This is usually referred to as spear phishing.
How Innovec Can Help
We can apply the following changes to help mitigate some of the examples above.
- Add a professional spam filter such as Proofpoint or SpamTitan – this will help filter out more of these types of attacks by intelligently looking through the content of the incoming e-mail
- Add a notification to all externally received e-mails – this will highlight to all users that the e-mail is from an external source and not from “the boss”
- End user education – we can send out test e-mails to your users to help educate with real-world examples
If you could benefit from any of the help above, get in touch with our Innovec team. We will be happy to arrange a 10-minute call at a time which suits you, for a chat about how we can help and offer some advice.