You wouldn’t get caught out by a phishing email, or would you?

Phishing emails, would-you-get-caught-out?

Phishing emails – you get them, I get them, and those pesky cyber criminals continue to evolve the format to try to get people to click links or download files that contain malware. The majority are easy to identify from the content: messages from banks you don’t use, links to invoices from companies you have never heard of, or from companies you have heard of but whose name is misspelled.

Here is my TIP FOR CYBER CRIMINALS – get a spell checker and hire a proofreader.

Many phishing emails never reach their intended target because they are detected by an email malware scanner. The quarantine area of our email system currently holds ones about invoices and refunds, each with an attachment that has been detected as malware. The ones that (currently) get past the scanner show a trend: they use the fear of losing access to emails, including those marked as spam(!), to bait you into clicking a link. Some examples are shown below.

[Image: Example of a spam email] [Image: Another example of a spam email]

If the second one were true, it would be a major issue for any organisation. There is a high probability that someone who isn’t aware of what phishing emails can contain, and how realistic they can be, will decide to click the link. They will probably not even get as far as the part of the email that has the spelling mistake.
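To show what the "you will lose access to your emails" lure looks like to a simple triage check, here is an added Python example (not from the original post): a heuristic that scores a raw email for the lure phrases, a link sitting next to them, and the kind of misspelling mentioned above. The two sample messages, the phrase list and the misspelling list are all constructed for this illustration.

```python
import re
from email import message_from_string

# Constructed sample modelled on the lure described above: an urgent warning
# about losing mailbox/quarantine access, a link, and a spelling mistake.
SAMPLE_PHISH = """\
From: IT Helpdesk <helpdesk@example.invalid>
To: user@example.org
Subject: Your mailbox will be deactivated in 24 hours

Several messages are held in your spam quarantine. Confirm your acount now
or you will lose access to your emails: http://mail-verify.example.invalid/login
"""

# Constructed benign message for comparison.
SAMPLE_LEGIT = """\
From: Finance <finance@example.org>
To: user@example.org
Subject: March expense claims

Hi, please submit March expense claims by Friday. Thanks.
"""

# Phrases from the "lose access to your email" lure family (constructed list).
LURE_PHRASES = [
    r"lose access to your (email|emails|mailbox|account)",
    r"mailbox will be (deactivated|suspended|deleted|closed)",
    r"(spam|email) quarantine",
    r"(within|in) \d+ hours",
]
URL_RE = re.compile(r"https?://\S+")
# A few misspellings commonly seen in such lures (constructed list).
TYPO_RE = re.compile(r"\b(acount|recieve|adress|verfiy)\b", re.I)

def score_message(raw: str) -> tuple[int, list[str]]:
    """Return a heuristic score and the reasons that contributed to it."""
    msg = message_from_string(raw)
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    reasons = [f"lure phrase: {p}" for p in LURE_PHRASES if re.search(p, text, re.I)]
    if reasons and URL_RE.search(text):
        reasons.append("link present alongside lure phrase")
    if TYPO_RE.search(text):
        reasons.append("common lure misspelling")
    return len(reasons), reasons

def is_suspicious(raw: str, threshold: int = 2) -> bool:
    """Flag a message for human review when enough indicators line up."""
    return score_message(raw)[0] >= threshold
```

The threshold is deliberately low so that a message with one lure phrase plus a link is surfaced for review rather than silently accepted.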

Things you need to do to protect your organisation

  • Give users updates on the latest trends in the phishing emails you are seeing getting into your email system. Do this on a regular basis, not once a year
  • Assume people are likely to panic if they see messages about losing access to any IT system they use on a regular basis. Some will click on malicious links. Make sure administration access is restricted to those that need it and anti-virus measures are in place to stop unwanted programs being downloaded and installed
  • Make sure people know how to report concerns, and that they need to do this straight away: from ‘is this email valid?’ through to ‘I have clicked a link that I shouldn’t have clicked on’

Get in touch if you want advice on other things you should be doing to manage the risk of phishing emails.

e: ian.grey@wadiff-consulting.co.uk
t: +44 (0)7941 188462