Understanding Phishing and the need for Cyber Essentials Russian high-tech crime investigating company Group-IB have recently reported that cyber criminals have stolen £18.7 million from banks in Russia between August 2015 and February 2016 using spear phishing emails.
Phishing has been defined by security software giant Symantec (Norton Antivirus) as an email that appears to be from an individual or business that you know. But it isn’t. Its from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC.
But it is not just banks and other financial institutions that need to guard against this threat. With these phishing attacks aggressively being aimed at your staff, as an employer you need to look at how to identify possible phishing attacks, and how to effectively pass this information on to your employees.
How do you tell?
Well, you can’t always, scam artists will do their utmost to perfectly re create logos and familiar headers and footers in emails but there are a few things that you can do to guard against this threat. It is not a bad idea to train your staff to get into these habits for all email traffic.
What to look for
For starters, before opening any emails check the senders address/domain and not just the familiar looking senders name. For example an email pretending to be from a familiar energy company should have a recognisable email address firstname.lastname@example.org rather than email@example.com. This is a simplistic example, but you get the general idea. If you are unsure, then go directly to the company website or call them and check if the email is genuine.
The really important bit…
Phishing emails contain a document link that needs to be opened in order for the malware to infect your system NEVER OPEN A LINK unless you are expecting it! Always check with the original company if you have any doubts whatsoever. It may take a few minutes but it could be well worth it.