As the festive season approaches, organisations must ensure that staff remain vigilant against phishing attacks delivered not only through external sources but also through supposed internal communications, such as emails from senior leadership teams about seasonal activities.
This is according to cloud distributor and current Symantec partner of the year intY.
Phishing attacks remain an ever-present blight on society, with new data from Google and UC Berkeley revealing that, following a recent 12-month study, over 234,000 valid names and passwords were being obtained by hackers every week from phishing, equating to over 12 million credentials.
Craig Joseph, COO at intY, stresses that with Christmas only six weeks away, firms and staff must exercise caution when opening emails and electronic communications during this busy period, with threats coming not only from external sources but from supposed internal ones too.
“The festive period represents a busy time for any industry, not least cyber criminals who take advantage of people’s goodwill by sending fake e-greeting cards and seasonal offers, all with the hope of the recipient opening it and clicking on a malicious link. For the most part, organisations and staff are increasingly aware of these tactics and know to avoid them, but often the trickier challenge comes when that email is from a recognised person, such as their own boss.
“At this time of year particularly, this might come in the form of an email supposedly from your senior leadership team advising staff about using a new holiday calendar to keep track of people’s leave during this busy period. Alternatively, an email exploiting the Christmas party, by asking staff to click on a link to pick food options for a team meal. These examples are completely opportunistic and likely to have no bearing on the organisation itself, but all it takes is one member of staff to click on a link to cause a whole host of problems for a business.”
Considering this, Joseph advises that there are several giveaways that staff should look out for to determine the validity of an email and to avoid being phished.
“Firstly, look at the email address. Cyber criminals will use a familiar email address containing the slightest of variations; possibly a missing letter or adding an additional one. If that is the case, there is a strong chance this is fraudulent.
“Next, look at the tone of the email – phishers often use language that creates a sense of urgency. Always feel free to question this and don’t be afraid of being suspicious. Alongside the tone, look at what’s being asked of you. In the case of a firm’s Christmas meal, does it contain any more specific information, such as the name of the venue hosting you, key dates and times? If not, feel free to question its validity.
“Finally, you must also look at the source of the email; typically, a scammer will use the most visible person in the company, such as a CEO, but applying common sense, question whether this type of email would typically come from that person. Where possible, don’t be afraid to ask the individual directly instead of responding electronically. Other tell-tale signs include seeing whether all the images from the source email are downloaded, as well as checking to see whether the rotational banner has been removed.
“While these are all simple methods, they can go a long way to keeping a business and its staff safe and secure, through the busy festive period.”