Phishing: If you suspect deceit, hit delete!
With the new GDPR (General Data Protection Regulation) rules recently coming into effect for businesses across the country, there has been a sharp rise in ‘phishing emails’.
Phishing is one of the easiest forms of cyber attack for a criminal to carry out and is often achieved via email – although the scam has now spread to social media, messaging services and apps.
Criminals have been taking advantage of the recent GDPR rule, which is an EU-wide privacy crackdown designed to better protect people’s data and stop businesses using it to spam them with unwanted marketing material.
It has been reported that as organisations reach out to their customers asking them to ‘opt in’ to continue to receive marketing emails, so have criminals, who pose as those organisations and send out their own emails designed to trick people into handing over financial information including account details, phone numbers and PINs.
What is phishing and how does it work?
Phishing is the act of intentionally deceiving someone by posing as a legitimate company. A basic phishing attack attempts to trick the target into doing what the criminal wants. That might be handing over passwords to make it easier to hack a company or altering bank details so that payments go to fraudsters instead of the correct account.
The aim and the precise mechanics of the scams vary: victims might be tricked into clicking a link through to a fake webpage that persuades the user to enter personal information – it’s estimated that an average of 1.4 million of these websites are created every month.
Other campaigns involve tricking users into downloading and installing malware – for a stealthy approach to theft – or inadvertently installing ransomware, providing the attacker with much more immediate profit.
However, email remains the top target for criminals and, according to the 2016 Trustwave Global Security Report, approximately 54% of all inbound email is spam.
So how do you spot a phishing attack?
The whole point of attackers carrying out phishing attacks is to use deception in order to trick victims into compromising themselves, be it by installing malware onto the network, handing over login credentials or parting with financial data.
While at its heart phishing remains one of the most basic forms of cyber attack, the simple fact of the matter is that it works – and it’s been working for over two decades.
There are a number of areas to look out for when deciding if an email is genuine:
Poor spelling and grammar – Many of the less professional phishing operators still make basic errors in their messages – notably when it comes to spelling and grammar.
Shortened or odd URLs – It’s very common for phishing emails to coerce the victim into clicking through a link to a malicious or fake website. Look out for shortened URLs or a minor variation on a legitimate web address, as criminals hope the user will not notice.
Strange sender – Is it actually from who it says it’s from? The message may look legitimate, with good spelling, grammar and a company logo, but always check the sender address.
Don’t believe everything you see – Don’t always believe that a website is secure. If you see that a website claims to be secured and certified by certain trusted sources, treat that with caution.
Type of questions – Finally, always be suspicious of the type of questions you are asked. If you are asked to fill out details, never give out information such as Mother’s Maiden Name or your National Insurance Number – companies such as banks should never ask for this information.
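The sender and URL checks above can be partly automated. The following Python sketch is an added example, not part of the original article and not Mimecast's method; the trusted-domain list, the shortener list and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for this example: domains the organisation trusts, and common shorteners.
TRUSTED = ("examplebank.co.uk", "example.com")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}

def lookalike(domain, threshold=0.85):
    """Return the trusted domain that `domain` closely imitates, or None."""
    domain = re.sub(r"^www\.", "", domain.lower())
    for good in TRUSTED:
        if domain == good or domain.endswith("." + good):
            return None  # the genuine domain or one of its subdomains
    for good in TRUSTED:
        if SequenceMatcher(None, domain, good).ratio() >= threshold:
            return good  # near-identical spelling, e.g. "1" swapped for "l"
    return None

def check_email(raw):
    """Return a list of warnings for a raw message (plain-text parts only)."""
    msg = message_from_string(raw)
    warnings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if lookalike(sender):
        warnings.append(f"sender domain {sender} imitates {lookalike(sender)}")
    # No transfer decoding is done here; base64 parts would need decoding first.
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            warnings.append(f"shortened URL hides its destination: {url}")
        elif lookalike(host):
            warnings.append(f"link host {host} imitates {lookalike(host)}")
    return warnings

# Constructed sample message for the example (not a real email).
SAMPLE = """\
From: Example Bank <security@examp1ebank.co.uk>
Subject: Confirm your details

Please opt in at http://bit.ly/abc123
or log in at https://www.examplebank-co.uk/login
Help pages: https://www.examplebank.co.uk/help
"""

if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE)))
```

A clean result from a check like this does not make a message genuine; it only catches the two tell-tale signs it was written for.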
What are we doing at Arc Systems?
At Arc Systems, we employ a high-level email security system called Mimecast, which is a popular product among our customers.
Mimecast Email Security with Targeted Threat Protection uses multiple sophisticated detection engines and a diverse set of threat intelligence sources to protect email from malware, spam, phishing and targeted attacks delivered as a 100% cloud-based service.
Mimecast’s Secure Email Gateway not only protects you from email-borne attacks, it also protects businesses from more sophisticated and targeted attacks.
Their Targeted Threat Protection system also scans all inbound emails in real time to detect header anomalies, domain similarity and suspect email body content.
Mimecast has a number of secure features that will keep businesses at ease when it comes to phishing. Why not give our sales team a call on 01268 288100 or email us on firstname.lastname@example.org and find out how we can help you keep safe from phishing.