We are all highly aware of phishing emails and the damage they can cause an organisation. But as we become more knowledgeable, hackers become smarter, and business email accounts are now targeted more frequently than Gmail.
Here are some tips to help you avoid being phished:
Always check links before you click
Are you expecting the attachment? If not, don’t click
Do you know the sender? If not, be careful
If your CEO suddenly asks you to do something ‘out of the ordinary’ for him or her, then check. It’s a common way (known as CEO and CFO fraud) to get access to internal systems or even transfer money to the criminal’s account.
We are no longer fooled by the Nigerian Prince who needs access to our bank account to transfer his money, but there are modern-day versions of this which are much more sophisticated.
Cyber criminals are in it for the long haul. Some try to form a business-type relationship, perhaps based on mutual respect, which starts on social media. They gain your trust before progressing to email and asking for something.
Do you know the sender?
Make sure you personally know the sender. Not only that, if the content looks dodgy, then check the URL by hovering over the link. The latest phishing email can look like it comes from somebody you know (image below) but their account has been hacked or their address faked. The hackers send a “confidential document” stored in the cloud which you must click on to access.
In fact, when I received one of these from a known contact, I forwarded the email to my contact to let him know there was something dodgy going on. The criminals replied to let me know that it was a genuine email. (Most kind of them!) I subsequently phoned my contact to let him know.
It’s easy to add a logo to an email to make it look real
It’s easy to set up a spoof email address
Links can be disguised to look innocent – always hover over the URL to avoid being phished
And of course, always report suspicious emails to your IT team or your trusted Managed Services provider.