How to protect your business against phishing


Cybersecurity is one of the most pressing technology issues facing businesses today. One of the fastest-growing cyber threats is known as email phishing, and every type of business is vulnerable to some extent.

So what is phishing? It’s a way to steal confidential information by sending fraudulent messages, often by email. As hackers turn to more elaborate social engineering schemes and deceptions, recognising the threat before it’s too late is a challenge in itself.

Who’s the target?

Hackers target people, not computers.

INDIVIDUALS

Individuals are often targeted by messages masquerading as a known brand, with the aim of collecting personal or financial information, such as account credentials, personal identification, and other sensitive information.

EMPLOYEES

Elaborate and targeted messages, known as ‘spear phishing’, are aimed at specific people within organisations and contain personal information to make them appear more authentic. These can be hard to detect, making them extremely dangerous to any organisation.

CEO & C-SUITE

Often referred to as ‘whaling’, this is where an email is sent to a high-profile leader, such as the CEO, with the criminal posing as another staff member within the organisation. The goal is to get the target to take a specific action, such as approving a money transfer to an account or downloading malware such as ransomware.


Examples of email phishing

ANZ

How to spot the threat:

This is a simple attempt, masquerading as ANZ and directed to an individual. Let’s break it down:

  • The address the email claims to come from ends in .com.auu, an extension that doesn’t exist.

  • The email is being sent from a host with a Russian domain extension: zimbra.cbdd.spb.ru.

  • Hovering over the link reveals a destination with a domain extension from Thailand (.co.th).

  • Outlook is already suspicious of it, so it has been placed in the junk mail folder.


Microsoft

How to spot the threat:

  • There’s no reply address

  • The email isn’t personalised — Dear Office 365 Client — Surely they know your name if you have a subscription with them!?

  • The link says http://quota.microsoftonline.com which is legitimate, but upon hovering over the link, we see that it is trying to send us somewhere else — http://colexo.org < Dodgy.


3 steps to protect against email phishing

Here are three ways to protect yourself, your employees and your business:

1- Get antivirus with web filtering

Most phishing attacks attempt to exploit vulnerabilities in software, so keeping your antivirus up-to-date will reduce the likelihood of a breach. A good antivirus solution will also incorporate a web filter to verify sources automatically.


2- Use two-factor authentication on all email accounts

Turning on two-step verification adds an additional layer of security for companies and helps protect your accounts from phishing attacks. Better yet, put two-factor on everything that is valuable.


3- Educate your team to identify a scam

Some businesses receive a number of phishing attempts every day. Therefore, it’s worth investing in training for your employees to understand what looks suspicious or uncharacteristic. It’s important to embrace even false alarms and encourage staff to continuously question suspicious attempts in the future.

  • Train employees and executives to think with a security mindset and ask questions.

  • Check the reply-to email address and validate that it’s legitimate.

  • Call to confirm unusual or urgent requests.


✉️ If you have an email that looks fishy, forward it to: thislooksdodgy@shadowsafe.com.au


If you’re a ShadowSafe client with EmailSafe activated, you’re already protected with device antivirus and advanced web filters to weed out known phishing threats.

Do you have a plan to protect your business from phishing or impersonation attacks?

Our team can help. Ask our team about activating EmailSafe in your business.
