Welcome to our August business newsletter! What an exciting month it has been so far! Restrictions have lifted! YAY! Now if we can just get to the summer part, that would be great! A very quick HAPPY BIRTHDAY to two of our Directors this month! We hope you have a great day Tom and Sean!
Jake and his partner have become fur parents with their two new arrivals… Lady Penelope and Chester! Needless to say, it hasn’t all been plain sailing for them: Lady Penelope likes to zoom around jumping on anything and everything at 4am, and Chester learnt the hard way (being scrammed) when he got a bit too close for Lady Penelope’s liking! How cute and beautiful are they though? Who doesn’t love animals?!
This month we are going to talk about phishing… We would place money on no phishes getting past Lady Penelope though! What is phishing? How can you help protect yourself and not take the bait? Let us help…
Phishing is a type of social engineering attack in which cyber-criminals trick victims into handing over sensitive information or installing malware. The most popular way they carry this out is via malicious emails that appear to be from trusted senders, but they sometimes use other means, which are explained below, or send links to malicious websites.
How does phishing work?
Targeted phishing attacks
Most phishing emails are sent at random to large numbers of recipients and rely on sheer volume for success. (The more emails are sent, the more likely they are to find a victim who will open them.)
However, there are also many types of attack – known as spear phishing – that target specific organisations or individuals. As with broader phishing campaigns, emails might contain malicious links or attachments.
These types include:-
A copy of a legitimate email that has previously been delivered, but sent from a spoof address that closely resembles the email address of the original sender. The only difference between it and the original email is that links and/or attachments will have been replaced with malicious ones. Recipients are more likely to fall for this sort of attack as they recognise the contents of the email.
A type of spear phishing that targets high-profile individuals, such as board members or members of the finance team. These attacks require additional effort on the part of the attacker, but the rewards are potentially greater: CEOs and other C-suite executives have more information and greater levels of access than junior employees. Moreover, a senior staff member’s compromised account can be used to carry out BEC attacks.
How to identify phishing emails:-
Even if your organisation has strong technical security measures, some phishing emails will inevitably get through.
It is therefore critical for all employees to be able to recognise them. Things to look out for include:
- Public email domains
- Misspelled domain names
- Bad grammar and spelling
- Suspicious attachments/links
- Sense of urgency or of a threatening nature
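The first two signs in the list above, public email domains and misspelled domain names, can be checked automatically against the From: line of a message. The following Python is an added example, not part of the original newsletter; the domain lists, the look-alike character table and the function names are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Assumed lists for illustration; replace with the domains your organisation deals with.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
TRUSTED_DOMAINS = ("example.com", "example-bank.co.uk")
# Digits often used to imitate a letter in a misspelled domain.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def fold(domain: str) -> str:
    """Map look-alike characters onto the letters they imitate."""
    return domain.translate(LOOKALIKES).replace("rn", "m")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_warnings(from_header: str) -> list[str]:
    """Return the warning signs found in a single From: header."""
    _display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no sender address"]
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []
    if domain in PUBLIC_DOMAINS:
        return ["public email domain"]
    warnings = []
    for trusted in TRUSTED_DOMAINS:
        # Either the domain matches once look-alikes are folded, or it is
        # within two typos of a trusted one (short domains may over-match).
        if fold(domain) == fold(trusted) or edit_distance(domain, trusted) <= 2:
            warnings.append(f"misspelled domain, resembles {trusted}")
    return warnings
```

A clean result does not mean a message is safe: the visible From: address can itself be forged, so treat this as one signal alongside the other signs in the list.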
How to prepare for phishing attacks:-
- Implement strong cyber security practices to prevent as many phishing attacks as possible from getting through your defences and ensure that, if they are successful, they do not get much further
- Build a positive security culture. Recognise that social engineering is successful because the cyber-criminals are good at manipulation. Don’t punish staff for falling victim, but encourage them to report incidents. If there is a culture of blame, your employees will not admit to what is perceived as a mistake, which will put your organisation at far greater risk
- Learn the psychological triggers! All social engineering attacks exploit human psychology to get past victims’ natural wariness, such as:
  - Creating a false sense of urgency and heightened emotion to confuse their victims
  - Exploiting the human propensity for reciprocation by creating a sense of indebtedness, or
  - Relying on conditioned responses to authority by seeming to issue orders from senior figures
- Train your staff. ANYONE could succumb to a phishing attack, so all employees need to be aware of the threat they face. Regular staff awareness training will help everyone in the organisation understand the signs of a phishing attack and its potential consequences. They will then be able to report potential phishing emails, according to company policy
- Test the effectiveness of the training. Simulated phishing attacks will help you determine the effectiveness of the staff awareness training, and which employees might need further education
- A lot of organisations assume it will not happen to them… in 2020 73% of organisations fell victim to phishing
You are also able to report any phishing emails etc. right here, or forward the email to this email address: [email protected]. Any websites you think may be run by scammers can be reported to the NCSC, who investigate and take appropriate action.
How can we help you?
As a trusted partner, we work exclusively with Cisco as we believe they have the most complete approach to address today’s as well as tomorrow’s security challenges.
Unlock the value of a unified security model, one that covers all areas of your environment. Protect your people, wherever they work, protect your data, whether on premise or cloud – before, during and after a cyber threat.
Contact us today for your FREE, no obligations security audit and chat!
Pop your answer over to [email protected] to be in with a chance of winning a £50 Amazon voucher.