Could you be the next phishing victim?
A fraudster needs just one employee to click on a malicious link or open a malware attachment to gain access to a company’s entire network.
Phishing: the fraudsters’ favorite
One of the most commonly used con tricks is ‘phishing’: a form of online fraud in which emails are sent out in an attempt to convince people to share sensitive information. The email typically directs the recipient to a website where the user is asked to ‘update’ personal information such as their password, credit card and/or bank account details (which are then used for fraudulent gain). Some phishing messages also include malware attachments. Sharing information or opening a malware attachment can paralyze the entire company. Cybercriminals have countless possibilities, ranging from stealing confidential R&D information or customer details to holding the organization to ransom.
Phishing techniques
Besides ‘deceptive phishing’, in which huge volumes of seemingly legitimate emails are sent out (as described above), other types of phishing are more personalized and therefore more difficult to spot:
- Spear phishing: the scammers send personalized emails including details such as the recipient’s name, job title, phone number or other specific information. Sometimes the fraudsters even gather information via social media platforms to prepare a more targeted attack.
- CEO fraud: phishers impersonate the CEO or other high-ranking executives in the organization in order to ask other employees (e.g. Finance) to make fraudulent transfers. They usually impersonate the executive either by stealing their credentials (e.g. in a spear phishing attack) and sending from the real mailbox, or by spoofing the sender address or registering a look-alike domain so that the email appears to come from them.
How can you avoid taking the bait from phishers?
There is no single golden rule that will completely safeguard you from falling prey to a phishing attack, but you should always keep the following pointers in mind:
- Check the sender’s email address: the display name proves nothing, so look at the actual address. If its domain doesn’t match the organization the email claims to come from, or is a look-alike (an extra character, a swapped letter, a different top-level domain), then it could be a phishing email.
- Be wary of the content of the email: phishers try to trigger emotions such as fear (if you don’t provide the requested data then you will lose access), greed (you can earn money), pity, etc.
- Check the links in the email: the visible link text can say one thing while the real destination is another, so hover over the link (or long-press on a phone) to see where it actually goes. Phishing emails often contain links to a website that does not match the name of the organization the email is supposedly from.
- Don’t open attachments on reflex: if in doubt, don’t open the attachment at all, and confirm with the sender through another channel (a phone call, not a reply to the email).
- Use your common sense.
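The sender and link checks in the pointers above can also be automated. The following Python script is an added example and is not code from the original article or its author: it uses only the standard library to parse a raw email, compare the From: address domain with the organization the mail claims to come from, and flag links whose real target points at a raw IP address, leads to a different domain, or disagrees with the domain shown in the visible link text. The sample message, the claimed domain examplebank.com, the sending domain mail-example-secure.net and the address 198.51.100.7 are all constructed for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not a real phishing mail: the display name claims a bank,
# the address sits on an unrelated domain, and the first link's visible text
# names the bank while its href points at a raw IP address.
SAMPLE_EMAIL = """From: Example Bank Security <alerts@mail-example-secure.net>
To: employee@example.com
Subject: Your account will be suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your access will be lost in 24 hours unless you confirm your details.</p>
<p><a href="http://198.51.100.7/login">https://www.examplebank.com/login</a></p>
<p><a href="https://www.examplebank.com/help">Help</a></p>
</body></html>
"""

# The organisation the mail claims to come from (assumed for the example).
CLAIMED_DOMAIN = "examplebank.com"

URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude eTLD+1 (last two labels). Enough for the example; production code
    should use the Public Suffix List so that e.g. 'example.co.uk' is handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_of(url_or_text):
    """Host part of a URL; bare 'www.example.com/x' style text is accepted too."""
    if "://" not in url_or_text:
        url_or_text = "http://" + url_or_text
    return urlparse(url_or_text).hostname or ""


def check_sender(msg, claimed_domain):
    """Pointer 1: the From: address, not the display name, must belong to the
    organisation the mail claims to come from."""
    name, addr = parseaddr(str(msg["From"]))
    addr_domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    if registered_domain(addr_domain) != claimed_domain:
        return [f"sender domain {addr_domain!r} does not match {claimed_domain!r} "
                f"(display name {name!r})"]
    return []


def check_links(html_body, claimed_domain):
    """Pointer 3: every link must lead to the claimed organisation, and link
    text that looks like a URL must agree with the real href target."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        href_host = host_of(href)
        if not href_host:
            continue  # mailto:, relative paths etc. are not web destinations
        href_domain = registered_domain(href_host)
        if IPV4.fullmatch(href_host):
            findings.append(f"link {href!r} points at a raw IP address")
        elif href_domain != claimed_domain:
            findings.append(f"link {href!r} leads to {href_domain!r}, not {claimed_domain!r}")
        if URL_LIKE.fullmatch(text):
            text_domain = registered_domain(host_of(text))
            if text_domain != href_domain:
                findings.append(f"link text shows {text_domain!r} but href goes to {href_domain!r}")
    return findings


def analyse(raw_message, claimed_domain):
    """Run both checks over a raw RFC 5322 message and return the findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = check_sender(msg, claimed_domain)
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None:
        findings += check_links(body.get_content(), claimed_domain)
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL, CLAIMED_DOMAIN):
        print("SUSPICIOUS:", finding)
```

Treat the output as hints for a human, not a verdict: legitimate mail is often sent from third-party service domains and routes links through tracking redirectors, both of which this script would flag, and a phisher who registers a convincing look-alike domain and uses it consistently for sender and links would pass. The two-label domain helper is a placeholder for the Public Suffix List in anything beyond a demonstration.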
As the CIO, online security is my daily concern. However, in a digitalized world, we all have to do our bit to protect our company’s confidential data. So, be prepared and resist the temptation to bite!