Would You Let A Phisherman Reel You In
Would you be able to spot a phisherman? In today's article we look at information security and the threat of phishing emails that could potentially cause damage to your business.
The popular internet meme 'Gone Phishing' is a massively popular problem which cyber criminals use to catch out unsuspecting businesses, leaving them open to data theft. This is why all organisations need stringent information security policies and best practices in place.
Cyber terrorists will send thousands of phishing emails daily attempting to gain sensitive information, credentials or install malware on a system for their advantage. The 2014 RSA roundup on cyber crime put phishing attacks at 46,747 for a single month of the year.
In the third quarter of 2014, the anti-Phishing group recorded over 20 millions new malware samples, equating to 227,000 malicious files per day.
Would you know the difference between an internal email, a B2B email and a phishing email? Cyber criminals attempt to mask the integrity of their email by making it seem like they are a client, business partner or even an employee.
Impersonating IT administrators: A common trick for phishing is to send an email with a subject line that confuses an employee to believe they have received the email from IT, with instructions to visit a particular website or call a number. The email could state that they have contracted a virus or need to contact IT for any number of reasons.
The cyber criminal could use this method to ultimately gain control of an individuals PC by guiding them through allowing remote desktop control, or use other methods such as malware installation to get the information surrendered to them.
Emotional baiting: Some phishers will use a persons emotions to initiate a response, with subject lines such as 'There's an emergency', 'You've won a prize', 'You're under investigation', 'Tax refund' among others. These will normally include a link with text explaining a negative consequence if no response is received.
The sender is unknown It should be common sense that an email from an unknown sender, especially one that is asking you to perform a certain task or click on a link is probably a phishing attempt, however 39% of people admit to opening an email from an unknown source.
The recipient has no choice but to click on a link or attachment: A phishing link will normally send you directly to a website requiring personal information such as pin numbers, card details, email addresses and postal addresses, whereas an attachment can contain keyloggers, viruses and other malware designed to intrude and obtain sensitive information.
It is imperative that all businesses, small, medium and large understand the risks of increasing cyber crime and take preventative measures to safeguard their employees and information. The head of information security needs to ensure that policies are updated and regularly tested to prevent a breach. It is also important to train all staff in email compliance and have policies attached to their employee handbook for reference.
Michael O'Hara, 09 September 2015