A Beginner’s Guide to… Phishing
According to the Wall Street Journal, 97% of all cyber-attacks start with phishing. When you think about it, that is no surprise, given that most of us use email every day for both personal and business purposes. In fact, I think it’s safe to say that most businesses depend on email for communication.
The challenge we have as IT managers and business owners, certainly from a security standpoint, is that most end-users are very comfortable receiving documents via email. Whether it’s an Excel spreadsheet, a Microsoft Word document or a PDF, we’re all fairly happy to open these attachments without really thinking about it, and that is exactly what cyber-attackers are counting on.
Typically, the bad guys embed a phishing lure (or a piece of malware) in an email, and to give their attempt the greatest chance of success they disguise it as an attachment (or a link to a website) so that it appears legitimate. It may even look like an attachment you were expecting: perhaps the purchase order you were waiting for, or an Excel spreadsheet with some important figures in it.
In reality, when we open that attachment, the malware runs and starts to cause chaos. The attack could be one of the following:
- A ransomware attack on your business, whereby your files are encrypted and held to ransom, and you are instructed to pay in order to restore access.
- Malware that digs into your systems and starts deleting files, all without you actually knowing about it.
- Or it could simply sit there in the background, again without you knowing, silently capturing personal information and sending it off to some shady corner of the internet.
Often, malware will spread laterally, infecting and damaging other systems one by one. So it’s important that we know how to mitigate some of these threats!
You need to STOP, THINK, and ANALYSE your emails.
- Were you expecting the email? Have you done anything that would prompt it to land in your inbox?
- Does the email look legitimate? Check for company branding, correct contact details, etc.
- Check the wording: the grammar and the way the email is written.
- Does the sender address look suspicious? Hover over the sender’s name and check the actual address and its domain, not just the display name.
- If possible, don’t click on a link within an email. Open a browser and log in separately, using the address you already know.
In some cases the website might look like the real thing, but in fact it could be engineered to capture your information, such as login credentials, bank details, your address or your email address.
If the email appears to come from your bank, it’s wise to pick up the phone and verify it with them (using a number you already have, not one taken from the email) before taking any other action, and if you’re in any doubt, follow your company policy and notify your IT helpdesk as soon as possible. Handing this information to the wrong people could make you a prime target for a “social engineering” attack.
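To show what “hover over the sender’s name and check the domain” and “check where the link really goes” amount to in practice, here is an added example in Python (it is not part of the original article and not E-ZU’s code). It parses a raw message with the standard library and reports the tells from the checklist above: the real address behind the From display name, Return-Path and Reply-To pointing somewhere else, and link text that disagrees with the link’s actual destination. Both messages, every address and every domain in it are constructed for the example (the `.example` top-level domain is reserved and never resolves); `expected_domain` is the domain you would expect a genuine email from that sender to use.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Two constructed messages (not real mail). The first shows the classic tells:
# a trustworthy display name over a look-alike domain ("examp1e" with a digit
# one), a Return-Path/Reply-To on a different domain, and link text that does
# not match where the link actually goes.
PHISH_RAW = b"""\
Return-Path: <bounce@mail-secure-login.example>
From: "Example Bank Security" <alerts@examp1ebank.example>
Reply-To: support@mail-secure-login.example
To: victim@corp.example
Subject: Urgent: verify your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account was accessed from an unknown device.</p>
<p>Please <a href="https://examplebank.example.mail-secure-login.example/verify">
https://www.examplebank.example/verify</a> within 24 hours.</p>
</body></html>
"""

LEGIT_RAW = b"""\
Return-Path: <alerts@examplebank.example>
From: "Example Bank" <alerts@examplebank.example>
To: victim@corp.example
Subject: Your monthly statement
Content-Type: text/html; charset="utf-8"

<html><body><p>Log in at <a href="https://www.examplebank.example/">
https://www.examplebank.example/</a></p></body></html>
"""


class _AnchorParser(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude 'registrable domain': the last two labels. Enough to catch
    examplebank.example.attacker.example; real code should use the Public
    Suffix List so that e.g. bank.co.uk is handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def _domain_of(header_value):
    _name, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def analyse(raw_bytes, expected_domain):
    """Return a list of human-readable findings; an empty list means the
    sender and link checks from the checklist all passed."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []

    # 1. The address behind the display name, not the display name itself.
    name, addr = parseaddr(str(msg.get("From", "")))
    from_dom = addr.rpartition("@")[2].lower()
    if registrable(from_dom) != expected_domain:
        findings.append(
            f"From is {addr!r} (display name {name!r}), not on {expected_domain!r}")

    # 2. Where replies and bounces really go.
    for hdr in ("Return-Path", "Reply-To"):
        other = _domain_of(str(msg.get(hdr, "")))
        if other and registrable(other) != registrable(from_dom):
            findings.append(f"{hdr} domain {other!r} differs from From domain {from_dom!r}")

    # 3. Every link: the real destination, and whether the shown URL lies.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = _AnchorParser()
        parser.feed(body.get_content())
        for href, text in parser.links:
            href_host = (urlparse(href).hostname or "").lower()
            if registrable(href_host) != expected_domain:
                findings.append(f"link goes to {href_host!r}, not {expected_domain!r}")
            if re.match(r"https?://", text):
                text_host = (urlparse(text).hostname or "").lower()
                if text_host != href_host:
                    findings.append(
                        f"link text shows {text_host!r} but points to {href_host!r}")
    return findings


if __name__ == "__main__":
    for label, raw in (("phish", PHISH_RAW), ("legit", LEGIT_RAW)):
        print(label, analyse(raw, "examplebank.example") or ["no findings"])
```

Run as a script it prints five findings for the constructed phish and none for the genuine message. The point of the subdomain check is the one most people miss when hovering: `examplebank.example.mail-secure-login.example` starts with the bank’s name, but the part that matters is the end, which is the attacker’s domain. None of this replaces the phone call to the bank; it just makes the tells in the checklist explicit.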
Social engineering is another method of deceiving us as end-users. It’s a really interesting subject, and one that we go into in a lot more detail on our eLearning portal, where we look at how these attacks are actually performed and how social media (such as LinkedIn, Facebook and Twitter) plays a big part in the process. And of course, we’ll be educating you and your end-users on the signs to look for, including practical methods you can use to avoid becoming a victim.
E-ZU eLearning Management System
An all-in-one cloud solution built to inspire learning and fuel workplace productivity.
Our next-generation platform delivers tailored, up-to-date training content across a range of business-critical topics, via an extensive course library of over 5,000 videos, and the ability to add your own custom channels and content.
It’s simple to use and comes packed with powerful tools to manage training and track development, to increase learner engagement (with in-built gamification), and build a sense of community across your workforce – all under an affordable per-user/per-month pricing model.