Phishing


Phishing attacks are the most common types of attack, and arguably the most dangerous.

For many years attackers have attacked the perimeters of networks, and as a result companies have invested in defending them. Over time attackers have realised that the weakest link, and the easiest point of entry, is the users. Typically, they are unprotected, untrained and unprepared for such attacks.

Unfortunately, users are highly susceptible to the many variants of phishing scams, from fake websites to free software, from badly worded emails to African scams, all enticing individuals to type their credentials into a false site. Users click on links which can install a system monitor, ransomware or a key logger.


Information can be gathered from various social media sites to make the requests look genuine and legitimate, and when the message comes from a trusted source, someone you know, it makes it even more convincing, especially if that trusted person is a friend, family member, colleague or your boss.

Once the user complies with the message they’re hooked, and the attacker now has everything they need to launch an even more damaging attack. What makes this so effective is that phishing messages can be delivered to thousands of people at a time at little or no cost.

As with many cyber-attacks, preventing these types of attacks is all about user education; after all, it’s the user that makes the decision to open or not open the attachment, or to click or not click the link. Hopefully, after this course you will be better equipped to avoid these dangers.

The functions within a business have been split out below because each has a different reason to be targeted, and it is worth going through them all.

Why are you a target?

Administration Assistant / PA / Receptionist / Frontline Financial Services worker

The unsung hero of most organisations, the people that keep the business ticking, organising calendars, dealing with data and doing the hard work behind the scenes.

Due to the nature of their role, they provide support to many and have access to a lot of data, including transaction information held on behalf of customers or a Manager/Director. They are typically the busiest person in the business, with multiple tasks on the go at any one time, and they’re normally in a hurry.

Due to the nature of their relationships across the business and because they can open up access to the rest of that business, they are often seen by cyber criminals as the key to unlock that organisation.

Human Resources

Given the nature of their role, not only do they manage relationships spanning the business, but they are also known for high levels of communication and have access to sensitive information, including payroll systems.

Helping people and sharing information are key to this function, and attackers will try to exploit this, especially in larger organisations where the HR manager may not know everyone. Attackers may pose as employees trying to gain access to their own information.

Sales

This is the team that interacts with clients and prospects all day, every day: the team where emails are expected to come in and go out daily.

Typically, sales people will be on the lookout for a request coming in or the return of a proposal. To win the business, they open and respond quickly. This is a perfect opportunity for an attacker.

Director/FD

It stands to reason that the higher in the organisation you are, the greater the chance that you are a decision maker authorised to sign off money transfers.

Given the nature of the role, directors tend to work at 100mph and don’t always get the chance to read the details in emails. This makes them a prime target of “whaling” attacks.

An attack of this nature is normally either a request for sensitive information or a request to make a payment, and it typically appears to come from a trusted source such as their boss or a client. These requests are normally made by the attacker “spoofing” the sending email address or taking control of it.

So far, we have looked at targeted email phishing, otherwise known as “spear phishing”; however, don’t forget that all the other employees in the organisation are equally at risk!

As a result, security training and awareness across the company is vital. The better equipped everyone is, the smaller the chance of the attacker getting in.

Whilst these emails might not be as targeted or specific, thousands can be sent at once, and although they don’t have as good a success rate, they still hit the mark!

Things to look out for

  • If the email has an attachment, don’t download or open it unless you know it is from a trusted source and you can verify it.
  • Check the content is legitimate before it is forwarded. Is the recipient expecting it, or has the sender actually sent it?
  • If there is a link, hover the cursor over it to reveal the real URL and make sure it matches the address shown in the text. If in doubt, type the address into the browser; don’t click the link.
  • Unusual requests.
  • Poor spelling, grammar or unusual language.
  • Is it written and signed the way you would expect it to be?
  • Be suspicious of a business that has a Yahoo, Gmail or Hotmail address, or a professional email signature paired with that type of address.
  • If you’re asked in the email to open an attachment and enable a macro, delete the email.
  • Avoid downloading documents or forms, especially if a conversation or simple reply will do.
  • The sender’s address might be slightly different, e.g. the letter “l” replaced by the number 1.
  • If there is a request for sensitive information, call the sender to clarify or confirm.
  • Think about the language used in the email: how is it used, and does it match how the sender would normally write?
  • Be very suspicious of urgency. It is a known tactic to pressure the recipient into the required response.
  • Is the sender a specific person, rather than sales@ or something similar?
  • Does the email have a signature, and does it match the sender’s details?
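Several items in the checklist above (lookalike sender addresses, free webmail domains, generic role mailboxes, link text that does not match the real link target, urgency, requests for sensitive information and instructions to enable macros) can be checked mechanically as a first pass before a human looks at the message. The following is an added example, not code from this course: a small Python triage script that applies those checks to a message. The trusted domains, the two sample emails and the keyword lists are all constructed for the example; a real deployment would take them from the organisation’s own mail configuration.

```python
"""Added example: mechanical first-pass checks from the phishing checklist.
All domains, sample messages and keyword lists here are constructed for the
example and are not taken from the training page."""
import re
from html import unescape
from urllib.parse import urlparse

# Domains the organisation expects legitimate mail from (constructed).
TRUSTED_DOMAINS = {"example-corp.com", "partner.example"}
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
ROLE_MAILBOXES = {"sales", "sale", "info", "admin", "noreply", "no-reply"}
URGENCY_WORDS = ("urgent", "immediately", "right away", "within 24 hours", "today")
SENSITIVE_WORDS = ("password", "bank details", "account number", "login details")
MACRO_WORDS = ("enable macro", "enable content", "enable editing")

# Single-character swaps used to build lookalike domains, e.g. the letter l
# replaced by the digit 1 as the checklist describes. Applied before lowercasing
# so that a capital I (which resembles l) is caught too.
LOOKALIKE_MAP = str.maketrans({"1": "l", "I": "l", "|": "l", "0": "o"})

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)


def normalise_domain(domain: str) -> str:
    """Collapse common lookalike substitutions so near-matches compare equal."""
    return domain.translate(LOOKALIKE_MAP).lower().replace("rn", "m").replace("vv", "w")


def lookalike_of(domain: str):
    """Return the trusted domain this one imitates, or None if it is trusted or unrelated."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        if normalise_domain(domain) == normalise_domain(trusted):
            return trusted
    return None


def sender_address(from_header: str) -> str:
    """Extract the address from 'Display Name <user@domain>' or a bare address."""
    m = re.search(r"<([^>]+)>", from_header)
    return (m.group(1) if m else from_header).strip().lower()


def check_sender(from_header: str) -> list:
    findings = []
    local, _, domain = sender_address(from_header).rpartition("@")
    if not domain:
        return ["sender address has no domain"]
    if domain in FREEMAIL_DOMAINS:
        findings.append(f"sender uses a free webmail domain: {domain}")
    if local in ROLE_MAILBOXES:
        findings.append(f"sender is a generic role mailbox, not a named person: {local}@")
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} is a lookalike of trusted domain {imitated}")
    return findings


def check_links(html_body: str) -> list:
    """Compare the address shown in each link's text with where the href really points."""
    findings = []
    for href, text in LINK_RE.findall(html_body):
        shown = unescape(re.sub(r"<[^>]+>", "", text)).strip()
        real_host = (urlparse(href).hostname or "").lower()
        # Only compare hosts when the visible text itself looks like an address.
        if "." in shown and " " not in shown:
            shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
            if shown_host and shown_host != real_host:
                findings.append(f"link text shows {shown_host} but points to {real_host}")
        imitated = lookalike_of(real_host) if real_host else None
        if imitated:
            findings.append(f"link target {real_host} is a lookalike of trusted domain {imitated}")
    return findings


def check_content(subject: str, html_body: str) -> list:
    """Flag urgency, requests for sensitive information and macro instructions."""
    text = (subject + " " + re.sub(r"<[^>]+>", " ", html_body)).lower()
    findings = []
    for label, words in (("urgency", URGENCY_WORDS),
                         ("request for sensitive information", SENSITIVE_WORDS),
                         ("instruction to enable macros", MACRO_WORDS)):
        hits = [w for w in words if w in text]
        if hits:
            findings.append(f"{label}: {', '.join(hits)}")
    return findings


def triage(email: dict) -> list:
    """Run every check over a message given as {'from', 'subject', 'body'}."""
    return (check_sender(email["from"])
            + check_links(email["body"])
            + check_content(email["subject"], email["body"]))


# Two constructed sample messages: one with most of the checklist's red flags, one clean.
SAMPLE_PHISH = {
    "from": "Finance Director <j.smith@examp1e-corp.com>",
    "subject": "URGENT: payment needed today",
    "body": ('<p>Please process the attached invoice immediately and confirm your '
             'login details at <a href="http://examp1e-corp.com/login">'
             'www.example-corp.com/login</a>. Open the attachment and enable '
             'content to view it.</p>'),
}
SAMPLE_CLEAN = {
    "from": "Jane Smith <jane.smith@example-corp.com>",
    "subject": "Minutes from Tuesday",
    "body": ('<p>Minutes are on the intranet: <a href="https://example-corp.com/minutes">'
             'https://example-corp.com/minutes</a></p>'),
}

if __name__ == "__main__":
    for name, msg in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(name, triage(msg) or "no findings")
```

The script deliberately reports indicators rather than a verdict: a message with no findings is not proven safe, and a single finding (a real supplier who happens to use a Gmail address, say) is not proof of phishing. Its value is that it surfaces the things the checklist tells a busy person to look for, so they can then apply the human checks the list also calls for, such as phoning the sender.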