Gone Phishing…

Phishing is an industry… it’s dirty, it’s growing and it’s increasingly sophisticated. It’s estimated that around 90% of data breaches are still caused by phishing, and every organisation should be taking measures to protect against them.

Most of us will have received an email that raises our suspicions and when this happens it’s best to be cautious and check it out. In many cases the message will ask you to confirm personal information – a PIN or a password. There may be a link to click on or an attachment (maybe a fake invoice) to open. Don’t click, don’t open unless you are sure.

The scammers work on human weakness. They may try to personalise messages to get your attention, offer free goodies or threaten the termination of services to prompt an urgent response. It’s inevitable that some of these phishing expeditions will find a victim, but we can make it more difficult for the scammers.

What to look out for: any attachments or links from an unknown sender should raise suspicions. Check the domain name: a message sent from a public email domain (@gmail or @hotmail, for example) is not being sent by a genuine business. It goes without saying that you should always look out for errors in spelling and grammar as well as poor-quality logos.
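The checks listed above (unknown sender, public webmail domain, attachments and links from someone you don't know) can be applied mechanically before a message reaches a person. The following is an added example, not code from the original post: a small Python triage helper that parses a raw email and returns the warnings a reader should see. The public-domain list, the allow-list of known correspondents and both sample messages are constructed for illustration.

```python
"""Added example (not from the original post): apply the sender-domain,
attachment and link checks to a raw RFC 5322 message and return warnings."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed list of public webmail domains a genuine business would not send from.
PUBLIC_DOMAINS = {"gmail.com", "hotmail.com", "yahoo.com", "outlook.com"}

# Assumed allow-list of domains the organisation already corresponds with.
KNOWN_DOMAINS = {"example-supplier.test"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def triage(raw):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    warnings = []

    if not domain:
        warnings.append("no parsable sender address")
    elif domain in PUBLIC_DOMAINS:
        warnings.append(f"sender uses public webmail domain {domain}")
    elif domain not in KNOWN_DOMAINS:
        warnings.append(f"sender domain {domain} is not a known correspondent")

    # A display name containing an address from a different domain is a
    # common way to make the message look like it came from somewhere else.
    m = re.search(r"@([\w.-]+)", display)
    if m and m.group(1).lower() != domain:
        warnings.append(f"display name mentions {m.group(1)} but address is {domain}")

    attachments, links = [], []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            attachments.append(part.get_filename() or "<unnamed>")
        elif part.get_content_type() == "text/plain":
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            links.extend(URL_RE.findall(body))

    if attachments and domain not in KNOWN_DOMAINS:
        warnings.append(f"attachment(s) from unknown sender: {', '.join(attachments)}")
    if links and domain not in KNOWN_DOMAINS:
        warnings.append(f"{len(links)} link(s) from unknown sender")
    return warnings


# Constructed sample: public webmail sender, misleading display name,
# a credential request with a link, and a fake invoice attached.
SAMPLE_PHISH = """From: "accounts@example-supplier.test" <invoices@gmail.com>
To: staff@example.test
Subject: Urgent: overdue invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please confirm your password at http://login.example-phish.test/ today.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"

JVBERi0x
--b1--
"""

# Constructed sample: a known correspondent sending a plain message.
SAMPLE_LEGIT = """From: Jane Doe <jane@example-supplier.test>
To: staff@example.test
Subject: Meeting notes
Content-Type: text/plain

Notes are in our shared folder: https://example-supplier.test/notes
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, triage(raw) or ["no warnings"])
```

The allow-list approach is deliberate: rather than trying to recognise every bad sender, the helper treats anything outside the domains you already deal with as needing a second look, which matches the advice above to be cautious with attachments and links from unknown senders.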

Employers are responsible for raising awareness and educating staff in the fight against phishing. Most of us think we wouldn’t fall for a scam, and often it’s just raising awareness that’s needed: ensuring that employees are not complacent and remain vigilant. We assume that our people know not to click, but it’s best to be sure.

Technology makes it easier for the scammer community to phish on an industrial scale, but we can also use technology to combat the threat. Every organisation should employ up-to-date security software and carry out regular backups. Risk assessments should cover data storage arrangements and remote access for employees. Multi-factor authentication (MFA) may also be considered as a further layer of protection.