A word of warning: My wife called me up the other day. She’d got an email from HMRC telling her that she was due a rebate for £327.35. All she had to do was click on a link to fill in her bank details so the refund could be sent over. She called me up to check whether to follow the instructions. Obviously I told her NOT to click on the link.
When I got home I took a good look at the email. It was *really* convincing. There are normally 5 ways to detect a “Phishing” email (an email from scammers who want to get your personal data or rip you off). Here they are:
> The source email address is normally dodgy & not from the company they say they’re from.
> They might have some odd kind of attachment… If you get an email from a mate & it seems weird – give them a call to make sure they sent it. They might have been hacked.
> There’s normally a deadline to be met. This creates a sense of urgency, & people ignore sense & just click on the link or download the attachment.
> Links to web sites will appear to be legitimate, but if you hover your mouse over them (DON’T click!) the address the link really goes to will appear. It won’t be the genuine company’s address.
> For some reason, scammers can’t spell and normally use bad grammar in their emails.
The biggest weakness in your company’s cyber-defence strategy is your employees. Does that sound a bit harsh? Alas, it’s the truth. I was recently talking with a business that runs Phishing Simulations for huge corporations around the world.
They told me a shocking statistic, that 23% of employees will fall for a scam & click on a potentially lethal link in an email from a fake source.
That’s massive! And it leads to huge damage to your company.
It can lead to malware being installed on your computers which spreads through your network like wildfire, crippling your machines & bringing your business to its knees.
Your customer data can be stolen & hefty fines imposed on you. Not to mention the reputational harm & loss of trust you’ll experience.
Your company’s creative content can be exposed too, all of your intellectual property, ideas, strategies & plans revealed to your competition by malicious attackers.
What’s the number 1 thing you can do to prevent this? Educate your staff. Regularly.
Put them on a security awareness training program. It’s worth the investment. You’ll be protecting everything you care about in your business.
Written by Paul Bedford,
Information Risk Management Consultant (Cyber)