One of the most common methods cyber-attackers use to target workplaces are phishing emails. The bad news is that these malicious actors are becoming increasingly more sophisticated in their attacks. Today, not even the “spam” folder can protect you!
What is Phishing?
Phishing emails appear to the receiver as if they were sent by a genuine sender, but they are not. Attackers use these emails to trick the victim into believing that there is a problem with one of their online accounts. For example, posing as a person’s financial institution, an attacker could send a user an email explaining that they need to resolve some suspicious activity associated with their account. The email includes a link that directs the user to a fake website. There, they are required to enter their log-in credentials. This would, in turn, grant the attackers access to the user’s accounts.
Other Ways to Spot a Phishing Email
Immediate Action – The email urges that you take urgent action on one of your accounts claiming that it will be closed as a result of no action.
Fake Prizes – The email claims that you have won a prize for a competition that you never actually entered.
Suspicious Attachments – The email asks you to download a suspicious attachment. This can sometimes be a “tracking advice attachment” from a supposed courier company that you or your company have never previously used.
Fake URLS – The hyperlink in the email can suggest that it’s from a legitimate company, but if you move your mouse over the link, you will realise that the actual URL is different from the one shown in the email.
What are the Risks of Phishing in the Workplace?
As businesses implement more stringent cyber security measures to ensure they filter out spam emails from employees’ inboxes, a growing, less-addressed issue is employees accessing their social media accounts at work. For example, an employee might access their Facebook account and click on a phishing message that was sent to them by a friend’s compromised account. Such an attack would place the organization’s information at the same level of risk as email-based phishing schemes.
Free Download: Is An Outright Ban On Workplace Social Networking A Good Idea?
The victim is likely to click on a link such as “Hey! Check out this video, I can’t believe they did this”. Although many organizations’ internet security programs might flag the link as a high-risk alert, this assumes that existing software and protections are up-to-date.
What Can You Do to Prevent Phishing in the Workplace?
It is difficult to prevent phishing emails from being sent to your workplace inbox. However, there are measures your organization can implement to protect itself from such attacks. These include the following:
Update Your Internet Security Program – New AV software versions are released frequently. If updated regularly, this will help protect against intrusion.
Report Suspicious Links to Your IT Help Desk – Report any suspicious links to your IT Support team, who can investigate the matter and keep a record of any and all phishing attempts.
Encourage Anti-Phishing Training in the Workplace – It’s best to hold security awareness training on issues such as phishing. This will help clarify to each and every employee the part they play in protecting their employer’s data.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.