A Beginner’s Guide to… Phishing
According to the Wall Street Journal, 97% of all cyber-attacks start with Phishing. When you think about it, that is no surprise when you consider that most of us use email on a daily basis for both personal and business use. In fact, I think it’s safe to say that most businesses are dependent on email for communication.
The challenge we have as IT Managers and Business Owners, certainly from a Security standpoint, is that most end-users are very comfortable with receiving documents via email. Whether it’s an Excel Document, a Microsoft Word document, or a PDF, we’re all fairly happy to open most of these attachments without really thinking about it, and this is what cyber-attackers are hoping for.
Typically, what the bad guys will do is embed a form of ‘Phishing’ attack (or a type of Malware) in to an email, and to give their attempt the greatest chance of success they will disguise this attack as an Attachment (or a link to a website) so that it appears legitimate. It may even be an attachment you were expecting: maybe that Purchase Order, or an Excel document with some important figures in it.
In reality, when we open that attachment, it launches the Malware and it starts to cause chaos. The attack itself could be one of the following:
- A Ransomware attack on your business, whereby your files are held to ransom in an encrypted state and you are instructed to pay a ransom in order to restore access.
- The attachment could be Malware, which could dig in to your systems and start deleting files, all without you actually knowing about it.
- Or it could simply sit there in the background, again without you knowing. Silently capturing personal information, and sending it off to some shady corner of the internet.
Often, malware will spread laterally, infecting and damaging other systems one by one. So it’s important that we’re aware of how to mitigate some of these threats!
You need to STOP, THINK, and ANALYSE your emails.
- Were you expecting the email? Have you done anything to provoke the email landing in your Inbox?
- Does the email look legitimate? Check for company branding, correct contact details etc…
- Check the wording. Check the grammar and the way the email is written.
- Does the sender address look suspicious? Hover over the sender’s name and check the domain!
- If possible, don’t click on a link within an email. Always go to a browser and log in separately.
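Two of the checks in that list (does the sender’s real domain match the name shown, and does a link’s visible text match where it actually goes) can be automated for mail triage. The script below is an added example and not part of the original post; the message it inspects is constructed for the example, and the domain-matching regex and anchor regex are simple heuristics, not a full HTML or address parser.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html import unescape
from urllib.parse import urlparse

# Constructed sample, not a real message. It shows two of the checklist's signs:
# a display name that borrows the bank's domain while the real address is
# elsewhere, and a link whose visible text names one site but whose href is another.
SAMPLE_EMAIL = """\
From: "Example Bank alerts@examplebank.example" <no-reply@mail-examp1ebank.example>
Subject: Action required: confirm your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Please visit
<a href="https://examp1ebank.example/login">https://www.examplebank.example/login</a>
to confirm your details.</p></body></html>
"""

DOMAIN_RE = re.compile(r"[\w-]+(?:\.[\w-]+)+")          # crude domain-like token
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def sender_check(from_header):
    """Return the sender's real domain and any other domain named in the display name."""
    display_name, address = parseaddr(from_header)
    real_domain = address.rpartition("@")[2].lower()
    others = sorted({d.lower() for d in DOMAIN_RE.findall(display_name)} - {real_domain})
    return real_domain, others


def link_check(html):
    """Return (href, visible text) pairs where the text is a URL on a different host."""
    mismatches = []
    for href, inner in ANCHOR_RE.findall(html):
        text = unescape(re.sub(r"<[^>]+>", "", inner)).strip()  # drop nested tags
        if text.startswith(("http://", "https://")) and \
                urlparse(href).hostname != urlparse(text).hostname:
            mismatches.append((href, text))
    return mismatches


def analyse(raw_email):
    """Parse a raw RFC 5322 message and run both checks over it."""
    msg = message_from_string(raw_email, policy=policy.default)
    real_domain, others = sender_check(str(msg["From"]))
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    return {"sender_domain": real_domain, "domains_in_display_name": others,
            "link_mismatches": link_check(html)}
```

For the sample, `analyse(SAMPLE_EMAIL)` reports the real sender domain `mail-examp1ebank.example`, the borrowed `examplebank.example` in the display name, and the one link whose text and href disagree.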
In some cases, the website might look like the real deal, but in fact it could be disguised and engineered to capture your information, such as login credentials, bank details, your address, email address etc.
If the email appears to come from your bank, then it’s probably wise to pick up the phone and verify the email with them before taking any other action, and if you’re in any doubt, follow your company policy and notify your IT Helpdesk as soon as possible. Handing this information to the wrong people could make you a prime target for a “Social Engineering” attack.
Social Engineering is another method of deceiving us as end-users. It’s a really interesting subject, and it’s one that we go into a lot more detail about on our eLearning Portal. We take a look at how these attacks are actually performed, and how Social Media (such as LinkedIn, Facebook, Twitter) plays a big part in the process. And of course, we’ll be educating you and your end-users on what signs you should be looking for, including practical methods you can use to avoid becoming a victim.
The E-ZU eLearning Portal – FREE for 100 of your staff members for 14 Days
To help organisations with their end-user cyber-security awareness training, for a limited period we’re offering free fully-fledged access to the E-ZU Advanced eLearning Platform for up to 100 staff members.
Our free service includes full, unrestricted access for up to 100 users/staff members within an organisation. There is no obligation to purchase anything thereafter, no credit card information is needed, and no auto-renewals of any kind.
The free service offers a fully-featured service that contains in-depth training courses for End-User Security Awareness, the entire Office 365 platform (including Microsoft Teams), and much more – across 5,000 up-to-date training videos. We will also provide free set-up consultation with one of our technical consultants to make sure your users can take full advantage of the training that matters most to your organisation. Find out more about the E-ZU eLearning Portal