By Steve Marsten
This week a work colleague received an invoice from me that had my mobile number and email address. It looked very real bar the sender’s address. It wasn’t my address.
This is called a phishing hack. Its aim is to gain access to something the attacker does not currently have: the email masquerades as a trustworthy source in an attempt to bait the receiver into surrendering sensitive information such as usernames, passwords, credit card numbers etc.
There has been a significant increase in phishing attacks in recent years. Recently IT service companies reported that most customers weren’t prepared to protect themselves against phishing. Further, many were not confident that their customers were vigilant enough to spot an email phishing scam.
The growth of phishing attacks in both frequency and sophistication poses a significant threat to all organisations.
There are numerous ways in which phishing presents itself. I will mention just a few.
The most common type of phishing scam, deceptive phishing, refers to any attack by which fraudsters impersonate a legitimate company and attempt to steal people’s personal information or logins. Those emails frequently use threats and a sense of urgency to scare users into doing the attackers’ bidding, for example by attaching an invoice.
The success of a deceptive phish hinges on how closely the attack email resembles a legitimate company’s official correspondence.
Spear phishing scams occur when fraudsters customise their attack emails with the target’s name, position, company, work phone number and other information in an attempt to trick the recipient into believing that they have a connection with the sender.
The goal is the same: lure the victim into clicking on a malicious URL or email attachment, so that they will hand over their personal data.
A variation of spear phishing is whaling! This is where the Phishermen go straight for the CEO of the company and attempt to harpoon an executive.
The answer is to prepare your business for this attack. Use your IT people to train your staff to be aware and vigilant. Make sure you have a written IT security policy that is available for all staff to see and discuss. Don’t be the bait for the Phishermen – call the team at Sothertons on 49 721300 for more information on phishing scams and the protection you need to consider.