Phishing attacks increase
Most people are now aware of one of the hacker’s weapons known as “phishing”, a fairly random form of attack using emails with links to malicious websites infected with malware, or with infected attachments. The rising incidences of cyber-attacks on small and medium sized businesses has seen an increase in one particular variant, known as spear phishing.
Spear phishing is a very targeted form of attack, focusing on a particular individual or department within a business using emails purporting to be from a highly trusted source – possibly even a senior manager in that company.
The email may ask for confirmation of user names and passwords for particular accounts or applications that would leave the business open to data loss or worse. The most financially lucrative request is for confirmation of bank or credit card details. Recent attacks have even appeared to be from a company Director asking the finance department to transfer significant sums into a particular bank account. Of course, that money would go straight to the hacker.
As with all phishing scams the hackers use well crafted, apparently very genuine emails that lure the recipients into clicking on links, opening attachments or even carrying out an instruction from a senior manager.
It is vital that everyone in an organisation that receives emails is made aware of the risks and best practice to avoid falling foul of the cyber criminals:
- Don’t open unsolicited or unrecognised emails
- Don’t click on links or open attachments in emails that are from an unknown source
- Type a URL into your web browser rather than using a link on a website or in an email
- If you get a request from a colleague or manager for sensitive or financial information, speak to them before you take action