How to spot a phishing email
Blog: Professional advantage - BPM blog
While an organisation’s employees are its most valued asset, they are also, potentially, the weakest link in its IT security defence framework (technology, policy enforcement, and people’s behaviour) and in its capability to protect against, detect, and respond to threats arriving by email. Cybercriminals target employees at every organisational level, and those who are not aware of their tactics can easily and innocently fall for them. Such was the case for these organisations that we encountered previously:
- An international and very high-profile government authority suffered a serious phishing attack. Its finance team received two invoices by email from separate supplier entities, both of which looked authentic and carried electronic funds transfer details and links. The problem was that the invoices came from corporate entities that were subsequently identified as fake, set up by bad actors, and this was discovered only after the invoices had been paid and the funds transferred. The government entity suffered financial losses of approximately US$300,000.
- An Australian organisation risked losing approximately AUD$1,000,000 after its bank received an email seeking release of funds to a supplier’s nominated bank account. The email appeared to come from the organisation, but the bank’s fraud detection systems identified anomalies in the email domain format of the senders of both invoices. The bank contacted the organisation to verify that the instructions were genuine. Fortunately, both parties realised that it was a scam email and an attempted fraud, and the release of funds to the bad actors was stopped.
- Our final story involves another Australian organisation whose business IT operations stood completely still for three weeks after a successful phishing email delivered destructive malware, followed by a ransomware demand. The attack brought their critical corporate IT infrastructure to its knees and cut off all staff access to applications and systems for those three weeks, until the situation was resolved with the bad actors.
Cybersecurity threats, in general, pose real and serious risks to all businesses today, including but not limited to:
- Financial loss, including substantial fines from government regulatory authorities for security-related compromise events.
- Temporary or permanent loss of valuable business data, and identity theft.
- Operational disruption and staff productivity losses.
- Damage to the organisation’s brand, reputation, and public image.
Any of these can happen to your business as a result of a single malicious email that your people would probably not recognise as suspicious, even when it is right in front of them. A small investment in education, making your people aware of how to spot a phishing email, goes a long way towards reducing the likelihood of an incident and further securing your IT operations environment.
What is Phishing?
According to Microsoft, phishing is an attempt to steal sensitive information through emails, websites, text messages, or other forms of electronic communication that are made to look as though they come from legitimate organisations (commercial, government, not-for-profit, education) or individuals. Cybercriminals use it to entice users into revealing personal information such as passwords or payment details, which they then exploit for financial gain. Common phishing techniques include invoice phishing, payment or delivery scams, file downloads, and attachments that deliver threats such as ransomware.
How to detect a Phishing Email
The key to prevention is awareness and education, so we are sharing some of our pointers on how to spot a phishing email:
Unusual, urgent request
Does the email ask you to perform an unusual activity, such as changing your password or updating your bank details? Does it press you to act urgently on a strange request? If it smells “phishy”, treat it as such. Banks and most legitimate organisations do not ask for credentials or account details via email, so do not give them up that easily.
Suspicious links or attachments
Think before you click. Be wary of misspelt domain names or bizarre links. Check where a link really goes by hovering over it first: the actual destination appears in your mail client’s status bar or tooltip, and it should match the address shown in the message text. Do not open unexpected links or attachments until you have verified them with the sender by phone, using a number you already have rather than one supplied in the email.
Dubious sender
Does the “From:” field show a display name that matches the email address? Legitimate companies normally use a sender name and a business email address that belong together. In the sample below, the sender’s name is ‘Yahoo business Email’ but the address behind it is psmc_jdcantillo[a]yahoo.com, a personal webmail account.
Badly written email
Phishing emails typically contain odd phrases and grammatical errors. A badly written email like the one below, supposedly from a well-known corporate or government brand, is one of the surest signs of a phishing email.
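The “Dubious sender” and “Suspicious links” checks above can be automated over a raw message before a person ever sees it. The script below is an added example written for this post, not code from Professional Advantage or Microsoft; the message it analyses is constructed, and every domain in it (paypa1-secure.example, mailbox.example, victim.example) is hypothetical. It parses an RFC 5322 message with Python’s standard library, compares the “From:” display name with the sender’s domain (and flags a “Reply-To:” that points somewhere else), then walks the HTML body and reports every link whose visible text names one host while the href actually points to another.

```python
"""Flag two phishing tells in a raw email message:
- a From: display name that does not match the sender's domain
  (plus a Reply-To: that sends replies to a different domain), and
- HTML links whose visible text shows one host but whose href points elsewhere.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; all domains are hypothetical (.example).
SAMPLE_EML = b"""From: "PayPal Service" <security-alerts@paypa1-secure.example>
Reply-To: collector@mailbox.example
To: finance@victim.example
Subject: Urgent: confirm your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account is on hold. Sign in at
<a href="http://login.paypa1-secure.example/verify">https://www.paypal.com/signin</a>
within 24 hours.</p>
<p>Questions? <a href="https://www.paypal.com/help">Help centre</a></p>
</body></html>
"""


def domain_of(address):
    """Return the lower-cased domain part of an email address, or '' if none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def sender_findings(msg):
    """Compare the From: display name with the sender domain, and From: with Reply-To:."""
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(addr)
    # Words of four or more letters in the display name; at least one should
    # appear in the sender's domain ("PayPal" vs "paypa1-secure.example" does not).
    words = [w.lower() for w in re.findall(r"[A-Za-z]{4,}", name)]
    if words and not any(w in from_domain for w in words):
        findings.append(f"display name {name!r} does not match sender domain {from_domain!r}")
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = domain_of(reply_addr)
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")
    return findings


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_in_text(text):
    """If the visible link text looks like a URL or bare hostname, return its host."""
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#]|$)", text.lower())
    return m.group(1) if m else ""


def link_findings(html):
    """Flag anchors whose visible text names a host other than the href's real host."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown = host_in_text(text)
        actual = (urlparse(href).hostname or "").lower()
        if shown and actual and shown != actual:
            findings.append(f"link text shows {shown!r} but points to {actual!r}")
    return findings


def analyse(raw):
    """Parse a raw message and return every finding from both checks."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = sender_findings(msg)
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += link_findings(body.get_content())
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EML):
        print("SUSPICIOUS:", finding)
```

On the sample message this reports three findings: the “PayPal Service” display name does not match paypa1-secure.example, replies would go to mailbox.example, and the link that reads https://www.paypal.com/signin actually points to login.paypa1-secure.example. The display-name heuristic is deliberately simple and will produce false positives for legitimate senders whose brand name is absent from their mail domain, so treat its output as a prompt for a human check rather than a verdict.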
What to do when you encounter a phishing email
Being overly cautious is better than regretting later that you took no action. Never hesitate to report a suspicious-looking email to your IT department, and, if you need to, confirm with the sender by phoning them.
If you are using Office 365, turn on its built-in Multi-Factor Authentication (MFA) so that a password captured by a phishing page is not enough on its own to access the account. Back up your data so you still have a copy of your files if you fall victim to a phishing trap.
Need assistance with a cybersecurity incident, or want to broaden and deepen your defences? Contact Professional Advantage. Complete the form below and our Security Specialists will be in touch.
The post How to spot a phishing email appeared first on Enterprise Software Blog – Professional Advantage.