Delivering A Stronger Defence Against Phishing

Organisations across the world have fallen victim to cyber-attacks recently, with Petya and WannaCry being the latest major global ransomware attacks to exploit vulnerabilities within operating systems.

It is believed the viruses were seeded through hijacked software updates and via phishing emails.

This could be a big concern for the courier industry which, having seen developments in technology improve processes over recent years, could be stopped in its tracks if targeted by phishing. Worryingly, one in 10 individuals will fall victim to an attack.

The process

Replicating legitimate email addresses, cyber criminals pose as known contacts to bypass security checks, arriving in the intended target’s inbox with ease. 

The recipient, oblivious to an attack, sees a familiar email address and opens the email. They are then prompted to carry out an action, such as clicking a convincing link which takes them to a malicious website designed to extract sensitive information.

Emails may also include malicious attachments containing malware or ransomware which, when opened, will infect the device and take over the entire system.

Matt Rhodes, Quiss Technology

The bait

Emails may appear to come from a known contact but the recipient should always check:

The sender – Look carefully at the sender. Do you definitely know this person? Is this their usual email address or is it just similar to one you recognise?

The subject – Subject lines should always correspond to the body of the email. Does the email subject look unusual? Are there spelling mistakes? Unusual or poorly written subject lines may indicate the email is fraudulent.

The content – Be careful if an email requests personal information or prompts actions, such as asking you to visit a website or reply to the email.

Any links – Be wary of links in emails. No matter how authentic they look, they could direct you to a malicious website.

Any attachments – If there is a document attached to the email, were you expecting it? Do you recognise its format? Is the attachment mentioned in the email? Only open attachments when necessary and do so with caution as they can easily transmit viruses.
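The sender and link checks above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not code from the article or from Quiss Technology: it flags a sender domain that closely resembles a known contact and a link whose visible text names a different host from its real destination. The known-domain list, the 0.85 similarity threshold and the sample message are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains of contacts you normally deal with (constructed values).
KNOWN_DOMAINS = {"quickparcel.example", "customer-depot.example"}
# Captures the host a link really points to and the text shown to the reader.
LINK_RE = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r'(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})', re.I)

# Constructed sample: digit "1" replaces the letter "l" in the sender domain,
# and the visible link text names a different host from the href.
SAMPLE = """From: Accounts <accounts@quickparce1.example>
To: ops@courier.example
Subject: Invoice overdue
Content-Type: text/html

<p>Please review <a href="http://login.pay-portal.example/inv">https://quickparcel.example/invoices</a></p>
"""

def lookalike_of(domain):
    """Return the known domain this one closely imitates, else None."""
    if domain in KNOWN_DOMAINS:
        return None
    for known in sorted(KNOWN_DOMAINS):
        if SequenceMatcher(None, domain, known).ratio() >= 0.85:
            return known
    return None

def check_email(raw):
    """Return a list of warnings for the sender and link checks."""
    msg = message_from_string(raw)
    findings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} resembles {imitated}")
    elif domain not in KNOWN_DOMAINS:
        findings.append(f"sender domain {domain} is not a known contact")
    for href_host, text in LINK_RE.findall(msg.get_payload()):
        shown = HOST_RE.search(text)
        if shown and shown.group(1).lower() != href_host.lower():
            findings.append(f"link text shows {shown.group(1)} but points to {href_host}")
    return findings

if __name__ == "__main__":
    for warning in check_email(SAMPLE):
        print("WARNING:", warning)
```

A similarity threshold will miss some imitations and flag some legitimate new contacts, so treat the output as a prompt for the manual checks rather than a verdict.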

The numbers

Phishing is a popular attack method for criminals because it combines a high success rate with low risk:

  • 10% of people targeted will fall for a phishing attack
  • 23% will open the message
  • 11% click on attachments
  • 250% increase in the total number of phishing sites from October 2015 to March 2016
  • 91% of hacking attacks start with a phishing or spear-phishing email
  • 55% increase in spear-phishing campaigns targeting employees

Phishing tackled

Specialist service providers can conduct simulated attacks on your employees to help educate them on the dangers of phishing emails, and how they can spot a potential attack.

Working with you, they will send out ‘test’ phishing emails, which appear to be sent from familiar contacts like colleagues or customers.

All responses and actions are recorded to reveal who opened the emails, clicked links or downloaded attachments, etc. Those who interact incorrectly will receive an email reminding them to be more vigilant.

Comprehensive reports will enable you to identify weaknesses within your business so you can focus training where support is needed most.

There will always be individuals who become complacent over the threat of phishing, and others who simply think they are too clever to be caught out. Unfortunately, it only takes one person to click the wrong thing for the future of your business to be in serious jeopardy.

Don’t risk any mistakes; discover the vulnerabilities in your systems by phishing your employees – before the real criminals do.

 

[Source: Matt Rhodes at Quiss Technology]