Here’s a scary statistic: phishing emails have six times the click-through rate of genuine marketing emails. Can you tell the difference between genuine and phishing emails?
Nearly all of us have received emails from someone overseas offering a large sum of money or a sketchy drug company promising to revolutionise our love life. Ah, those promises! However, cybercriminals are now taking a different approach with highly personalised spear phishing attacks that go after login credentials or credit card numbers. Here we explain more…
What is spear phishing?
Spear phishing is a targeted email attack in which hackers use email to masquerade as someone you know or trust to lower your defences and ask you to click on a malicious link or to supply sensitive information like passwords or bank details.
This is often as simple as copying your manager's name from your company website, so you receive what looks like a work email from him or her; one click on its link could expose your entire network. It might equally be an email that appears to come from your bank or from PayPal, for example.
Can you catch a phish?
According to IT Governance, every day…
- 156 million phishing emails are sent
- 6m make it through spam filters
- 8m are opened
- 8000k people click on the phishing links
- 80k provide their information
So how not to fall for the bait…
- If it just doesn’t look right, trust your instincts and Do. Not. Click.
- Look for generic names like “Dear Customer”
- Beware of links to official looking sites asking you to enter sensitive data
- Don’t let a sense of urgency trick you into moving fast without thinking
- Look for poor grammar, spelling or syntax
- Look closely at website names that resemble official ones, e.g. google.com vs. g00gle.com
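The checks above (a trusted name on an unexpected address, a generic greeting, urgency pressure, and lookalike domains such as g00gle.com or paypal.com.secure-login.net) can be expressed as a small triage script. The code below is an added example, not part of the original post; the trusted domains, the staff directory and both sample emails are constructed for illustration, and a real deployment would feed these lists from the organisation's own directory and allow-list.

```python
"""Score a raw e-mail for the spear-phishing indicators discussed above."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the organisation maintains these allow-lists; the values are constructed samples.
TRUSTED_DOMAINS = {"google.com", "paypal.com", "example-corp.com"}
# Display name -> the only mailbox that name legitimately sends from (the "manager's name" check).
STAFF_DIRECTORY = {"jane doe": "jane.doe@example-corp.com"}

URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours", "will be suspended", "verify now")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder", "valued customer")
# Digit-for-letter swaps seen in lookalike domains (g00gle.com, paypa1.com).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def edit_distance(a, b):
    """Levenshtein distance; a single edit away from a trusted name (gogle.com) is suspicious."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    d = domain.lower().rstrip(".")
    for trusted in TRUSTED_DOMAINS:
        if d == trusted or d.endswith("." + trusted):
            return None  # the real domain, or a genuine subdomain of it
    norm = d.translate(HOMOGLYPHS)
    for trusted in TRUSTED_DOMAINS:
        if norm == trusted:  # g00gle.com -> google.com
            return trusted
        if trusted in d:  # paypal.com.secure-login.net: trusted name buried in a longer host
            return trusted
        if edit_distance(norm, trusted) == 1:  # gogle.com
            return trusted
    return None


def analyse(raw_email):
    """Return a list of (indicator, detail) findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw_email, policy=policy.default)
    findings = []

    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    expected = STAFF_DIRECTORY.get(display_name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(("display-name spoof", f"{display_name!r} normally sends from {expected}, not {addr}"))
    if (hit := lookalike_of(sender_domain)):
        findings.append(("lookalike sender domain", f"{sender_domain} imitates {hit}"))

    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    lower = (msg.get("Subject", "") + " " + text).lower()
    for greeting in GENERIC_GREETINGS:
        if greeting in lower:
            findings.append(("generic greeting", greeting))
            break
    for phrase in URGENCY_PHRASES:
        if phrase in lower:
            findings.append(("urgency pressure", phrase))
            break
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = urlparse(url).hostname or ""
        if (hit := lookalike_of(host)):
            findings.append(("lookalike link", f"{host} imitates {hit}"))
    return findings


# Constructed sample: a manager's name on a webmail address, generic greeting, urgency, lookalike link.
PHISH = """\
From: Jane Doe <ceo-jane@gmail.com>
To: staff@example-corp.com
Subject: Urgent: verify the account now

Dear Customer,

Your account will be suspended within 24 hours. Verify now at
http://paypal.com.secure-login.net/verify and reply immediately.
"""

# Constructed sample: the same name from its directory address, linking to a real Google subdomain.
LEGIT = """\
From: Jane Doe <jane.doe@example-corp.com>
To: staff@example-corp.com
Subject: Q3 planning notes

Hi team,

Notes from today's meeting are on https://docs.google.com/document/d/abc123.
"""

if __name__ == "__main__":
    for label, sample in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, analyse(sample) or "no indicators")
```

The script is deliberately conservative: a genuine subdomain of a trusted domain (docs.google.com) is not flagged, while a trusted name embedded in a longer hostname, a digit-for-letter swap, or a one-character edit is. Any finding is a reason to apply the TOP TIP below and confirm with the sender out of band rather than a reason to act on the email.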
How do you protect your organisation?
Did you know 60% of SMEs that have been hacked go out of business within six months of the cyber-attack? Here is how you can get protected…
- Password management – Outline rigorous standards for secure passwords and insist on regular expiration and change.
- Two-factor authentication – Use two-factor authentication rather than fixed passwords to authenticate high-risk network services like VPNs.
- Patch management – Patch your systems proactively so that vulnerabilities you are not yet aware of don't stay open to exploitation.
- Antivirus defences – Layers of the latest antivirus defences at vulnerable locations like mail gateways will lower the risk of phishing emails.
- Build a security-aware culture – Educate employees and empower them to recognise threats and make smart security decisions on their own.
- Change management – Develop processes that help staff take the best course of action in case of attack.
- File encryption – Encrypt your data so that outside parties cannot read it even if they get their hands on it.
TOP TIP: If you receive a suspicious email from someone you trust, but you’re not sure if it truly came from them, stop by their office, pick up the phone, or send them a separate email. The two minutes it takes to establish validity is absolutely worth it!