Don’t get reeled in by Phishers

Phishing is one of the most common modus operandi (MO) used by cybercriminals. Fortunately, with a bit of cyber awareness you can greatly reduce the chances of your business falling victim.

The National Cyber Security Centre (NCSC) recently revealed that more than 746,000 phishing emails claiming to be from the NHS were blocked in just one month in 2017, highlighting that Phishing remains one of the most common tactics used by cybercriminals.

What is Phishing?

There are several forms of phishing attack, ranging from the most common, deceptive phishing, to more advanced variants such as pharming, where the attackers tamper with a DNS server so that a legitimate website's name resolves to an IP address they control.

Phishing is the most common threat faced by businesses of all sizes. In 2017 Phishing scams cost US businesses half a billion dollars and 76% of information security professionals revealed that their organization experienced phishing attacks. *

Fortunately, with a bit of cyber awareness (think Cyber Essentials), you can greatly reduce the chances of your business falling victim to them. As people become savvier at spotting phishing emails, scammers are constantly adapting their tactics.


What is Spear Phishing?

Spear phishers attempt to find out as much about their targeted victims as possible. They will most likely know your email address and perhaps a little about your personal life. They gather this by scouring the internet for information, the reconnaissance step of a tactic called social engineering.

Imagine all of the things you’ve posted on social media over the years; if your social media accounts are wide open, then a phisher can easily find out a lot about you. They can easily learn who your friends are, what businesses you use and the things you like.

Spear phishers are likely to send their victims personalised emails that appear to come from someone you know or from a company you’ve done business with. Because the email appears to be from someone you know, you are less likely to be vigilant, giving them exactly what they want. If you receive an email that claims to be from a colleague or superior asking for urgent action to be taken, cybercriminals are betting that you will feel pressured to act before thinking. Always check with the person the email claims to be from, using a channel other than the email itself, to make certain it is legitimate.


Top Tips for spotting a phishing scam

  • As many phishing emails are sent from overseas, they often contain spelling mistakes, poor punctuation and grammar. Sometimes a scammer will deliberately include these to see if you will respond regardless. If you do, then you will be marked as an easy target for future scams.
  • Sometimes a phishing email will claim to be from an organisation and use its logos to appear more professional. Is the design quality what you would expect from the sender? Check the email headers or flag it to your internal IT department. Phishing emails can easily spoof the sender address to make them seem legitimate.
  • If an email is not addressed to you by name, then it could be a sign that the sender doesn’t know you and is simply hoping to get lucky. If it is addressed to you directly but looks suspicious, then you may be the target of a Spear Phishing campaign.
  • You should instantly be suspicious of any emails making demands or threats. Never give out your details.
  • Anti-spoofing mitigations such as the Domain-based Message Authentication, Reporting and Conformance (DMARC) email standard can be used to protect your own domain against spoofing; note that DMARC only helps when the policy is set to quarantine or reject rather than merely monitor.
  • Be aware of emails that may come from someone high up in your organisation requesting the transfer or payment of funds to a specific bank account. If being responsible for handling money isn’t your job then report it immediately.
  • Does the email appear legitimate or is it trying to mimic someone you know? A hacker can ascertain your connections via social media profiles so make sure to check your privacy settings.
  • If something appears too good to be true, then it is. If someone claims to be offering you money or a prize over the internet then run for the hills, chances are they are a scammer. Remember, there is no such thing as a free lunch.
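The two header-related tips above (check the email headers, and deploy DMARC) can both be turned into a simple automated check. The following is an added example written for this post, not code from XQ Cyber or the NCSC: it parses a domain's _dmarc TXT record and reports weak settings, and it reads the SPF/DKIM/DMARC verdicts from an Authentication-Results header so a mail filter or help desk can decide whether a message deserves a closer look. The record strings and header line used as input are constructed samples, and the domain names in them are placeholders.

```python
import re

# --- DMARC policy assessment ------------------------------------------------
# A DMARC record is published as a TXT record at _dmarc.<domain> and looks like
# "v=DMARC1; p=reject; rua=mailto:reports@example.com". The tags that matter
# most for anti-spoofing are p (policy), sp (subdomain policy), pct (coverage)
# and rua (where aggregate reports go).

def parse_dmarc_record(txt: str) -> dict:
    """Split a DMARC TXT record into a lower-cased tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC1 record")
    if "p" not in tags:
        raise ValueError("DMARC record is missing the mandatory p= tag")
    return tags


def assess_dmarc(txt: str) -> list:
    """Return a list of weaknesses; an empty list means the record enforces."""
    tags = parse_dmarc_record(txt)
    findings = []
    policy = tags["p"].lower()
    if policy == "none":
        findings.append("p=none: spoofed mail is reported but still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail is sent to spam, not rejected")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if tags.get("sp", "").lower() == "none" and policy != "none":
        findings.append("sp=none: subdomains are left unprotected")
    if "rua" not in tags:
        findings.append("no rua=: aggregate reports will never be received")
    return findings


# --- Authentication-Results inspection -------------------------------------
# Receiving mail servers record their SPF/DKIM/DMARC verdicts in an
# Authentication-Results header (RFC 8601). Reading it is the quickest
# header check a help desk can do on a suspicious message.

_RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")


def authentication_results(header: str) -> dict:
    """Extract the spf/dkim/dmarc verdicts from an Authentication-Results line."""
    body = header.split(":", 1)[1] if header.lower().startswith("authentication-results:") else header
    return {method: verdict for method, verdict in _RESULT_RE.findall(body.lower())}


def should_flag(header: str) -> bool:
    """True when DMARC did not pass, or when no DMARC verdict is present at all."""
    return authentication_results(header).get("dmarc") != "pass"


if __name__ == "__main__":
    # Constructed sample inputs; example.com and example.net are placeholders.
    for record in ("v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
                   "v=DMARC1; p=none",
                   "v=DMARC1; p=quarantine; pct=10; sp=none; rua=mailto:dmarc@example.com"):
        print(record, "->", assess_dmarc(record) or "enforcing")

    sample = ("Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; "
              "dkim=pass header.d=example.com; dmarc=pass header.from=example.com")
    print(authentication_results(sample), "flag:", should_flag(sample))
```

A domain with p=none still gives the spoofer a free run; the check above reports that as the first finding so that the monitoring-only phase is not mistaken for protection.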

For more advice on Phishing check out https://www.ncsc.gov.uk/blog-post/announcing-ncscs-new-phishing-guidance

Want to learn more about how XQ CyberScore can help secure your business? Visit our website at www.xqcyber.com/cyberscore and if you want to give yourself the very best protection against cyber security threats try our Cyber Score software for free now.

Follow us on Facebook, Twitter and LinkedIn or sign up to our mailing list at https://www.xqcyber.com/signup


* https://www.wombatsecurity.com/state-of-the-phish