15 Jun Phishy business
It is hard to take data phishing seriously when the nomenclature is comical – scaling, spear phishing, pharming, whaling… and none of these terms have anything to do with what we understand as fishing with 2 main ingredients, outdoors and wet.
Phishing data and personal information from unsuspecting victims however is a serious crime despite the inherent trickery involved in the scam. A phishing email arrives in your inbox and looks like it is coming from a familiar or recognisable source like a financial service provider, sometimes with the use of business copyright and personal information. The email is posing as a legitimate request for information, encouraging or requesting the recipient to open, read and click on a link. This is called deceptive phishing and according to Tripwire, the most common type of phishing activity.
Scamwatch, a government website that tracks scams and provides monthly reports based on data collection from digital casualties, stated that over 40% of phishing attacks are sent via email. Mobile phone numbers and social media accounts are also common outlets for phishing scams.
Anyone and any device can be a target but actually it is corporate executives, with little training in security awareness, that pose a dangerous and open threat for big business. All digital users, including leaders of big business, need to be aware of the following:
- Any email that has come from a reliable company source, including your own company, that includes requests to ‘update’, ‘verify’ or ‘change your password’
- A generic salutation that is not culturally applicable, i.e. Master/Madam/Sir
- Spelling mistakes and grammatical errors
Companies can further protect themselves by training staff to remain digitally vigilant and avoid any links or attachments contained in an email that seems ‘off’ or suspicious. DELETE DELETE DELETE. Tom Biggs in The Age sought to remind businesses that while employees continue to work from home, especially in cases where employees use their own devices, they are open to security vulnerability and particularly, phishing.
Change is happening thick and fast throughout COVID-19 lockdown and those changes are being communicated en masse to employees via email, phishing emails can easily go under the radar and a click of a link can cause real damage to company privacy and employee details.
Faster Networks help businesses protect their digital assets. We are a cyber security partner that brings the best software solutions that anticipate and fix digital vulnerabilities. Our areas of expertise includes Vulnerability Management, Security Orchestration Automation and Response (SOAR), Application Security, Infrastructure Security, Distributed Denial of Service (DDoS) Protection and Application Pentesting.