Phishing is one of the most common cyber-attacks. It operates through emails that appear to come from legitimate senders and entice the recipient to click on a link or attachment, which then infects the victim’s computer with malware. The malware gleans private information, which can allow the attacker to disrupt business operations, destroy data and steal money.
Anti-virus programs are often bypassed by phishing attachments that use Microsoft Office macros, which download the malware if run. Links may appear to lead to a legitimate website, but these websites will exploit vulnerabilities in a victim’s computer to install malicious code.
Some attacks are sophisticated and aimed at selected groups, whose members may be researched through social media and website information. Other attacks are designed to target as many people as possible, knowing that they only need to catch a tiny percentage to be successful.
These high-volume phishing attacks use fake invoices, remittances, banking updates and final demand documents to encourage their targets to open the attachments. Others lead potential victims to enter private data into forms on websites that are designed to look and feel like a legitimate site.
The risks to business include:
- Your data may be stolen or encrypted for ransom;
- It may result in hardware damage;
- Fraudulent internet banking redirection;
- Your money may be stolen.
So how can you defend your business against phishing?
- Always protect your systems by installing and updating reputable anti-virus software, and keep systems up to date with new releases and security patches;
- Never open attachments, click links or download software from unknown sources or questionable websites;
- Make sure that you have protective policies and training to ensure that staff have the knowledge to conduct business safely online;
- Limit access to systems and information based on job duties, and split financial responsibilities between employees;
- Only allow internet access to trusted websites, and limit the use of external media devices;
- Be aware of what information is available about you and your organisation on social media and the wider internet. If you know what can be found, you can be more alert to its use in an innocuous-looking email.
To avoid issues when dealing with emails and attachments, look out for signs such as unrecognised senders, confirmations for purchases or responses to forms that you haven’t completed, and unusual language, greetings or titles in the subject box. Any of these can indicate that the email isn’t genuine.
If you receive an email with an attachment that appears to be from someone you know but that you weren’t expecting, call them to confirm it before you open it. Better to be safe than sorry.
Learn more about keeping your data safe with the ProTrainings Data Protection video online course at www.prodataprotection.co.uk or by calling ProTrainings on 01206 805359.