How to protect yourself from phishing attacks
What is phishing
Phishing emails pretend to be from a trusted brand such as the ATO, the post office, larger retail stores etc.
It’s a non-targeted attack sent out to a lot of people. The attackers know that a large percentage will fail but they only need a small percentage of recipients to click on their emails for it to be worthwhile.
Spear Phishing / Whaling Attacks
Unlike a phishing attack, Spear Phishing (Whaling) attacks are targeted at you or your business.
By tailoring the email so it looks like it is from a trusted associate or another staff member, the hacker gains trust, and the likelihood of the recipient opening the email and attachments is increased.
The email subject is about something that needs urgent attention, such as a complaint, delayed order or delivery, overdue invoice etc.
The email may require you to do one or more of the below:
1. Open an attachment.
2. ‘Log in’ to confirm your identity.
3. Enter financial details to purchase fake software.
Opening an attachment may install a program that gives the attackers access to your computer and network. It may monitor and record keystrokes, provide a backdoor into your system or initiate a ransomware attack.
Providing your credentials (by logging in to a fake site) allows the attackers access to any sites where you might use those credentials.
If your financial information is provided, the hackers can use this to commit fraudulent transactions with your accounts.
The cost to your company may run into the millions (Worldwide average estimated at $5,000,000 per breach).
The statistics are frightening:
91% of cybercrime is via email
97% of people are unable to identify a phishing email
6 out of 10 companies that suffer a breach close their doors within 6 months.
What are the chances your business will be hit?
Shockingly, 25% of companies get hit by cybercrime, so the chance of you getting hit is very high.
How hard you are hit depends on the measures you have in place to mitigate the risk. As the costs to protect your business are so low and the risk so high, it may be seen as negligent
What you can do:
1. Prevention is better than the cure – a decent External Anti-Spam service will stop the attacks before they get to you or your staff. The investment is generally between $5.00 and $10.00 per month per email and is a no-brainer in today’s threat landscape.
2. Have a company policy regarding the handling of emails so that all your staff are aware of the risks and how to avoid them.
3. Never enter your credentials or financial information into a site you have opened from an email link.
4. If you are asked to do anything in an email that may compromise your finances or information, make contact over the phone with the initiating person to verify that the email is legitimate.
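5. When on a website, check for the lock symbol to ensure the connection to the site is encrypted to protect your data. The lock only shows that the connection is encrypted; it does not prove the site is genuine, so check the address as well.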
6. Be cautious about how much (and what) information is available about your business on your web site and social media pages. Scammers get their information from these sources in order to form their attack.
7. Shred documents prior to disposing of them. Cybercrime can be local and information from your trash can be used to form the attack.
Again, prevention is the best policy.
Using a good anti-spam service in conjunction with proper backup procedures and staff policies will give you the best level of protection.
If you would like assistance in getting protection in place, call us on 1300 765 911 or email email@example.com