The accounts department have received an email that appears to be from the Managing Director instructing them to make a payment.
The email also states that the MD is currently uncontactable and that the payment needs to be actioned as a matter of urgency.
The email looks slightly suspicious, but they are unsure. What should they do next?
WHAT IS PHISHING?
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies, with requests for personal information, such as passwords and credit card numbers.
It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
95% of successful Cyberattacks are the result of phishing scams.
THE FIRST STEP
Always get authorisation when instructed to make payments or other important actions, do not act purely upon instructions on an email.
The first thing to do would be to contact the sender for authorisation.
Cyber Criminals have techniques to know when people are uncontactable (i.e. out of the country or travelling) so that they can target employees with phishing emails.
Look out for poor spelling and grammar, the tone of the email and double check the senders exact email address.
95% of successful Cyberattacks are the result of phishing emails because they usually rely on human error.
Make sure that internal IT Security Policies in place and that staff regularly receive the appropriate training, this is key to preventing Cybercrime.
Use layered email security and Multi-Factor Authentication to protect against phishing, ransomware and impersonation attacks.
Our experienced team provides different levels of security, user training, multi-factor authentication, off-site back-up and disaster recovery.
CYBER ESSENTIALS / PLUS
Cyber Essentials is a Government-backed scheme which helps to protect organisations against the most common Internet-based threats — particularly, attacks that use widely available tools and demand little skill. The scheme considers these threats to be:
Hacking — exploiting known vulnerabilities in Internet-connected devices, using widely available tools and techniques
Phishing — and other ways of tricking users into installing or executing a malicious application
Password guessing — manual or automated attempts to log on from the Internet, by guessing passwords
The Cyber Essentials scheme helps organisations to protect the confidentiality, integrity and availability of data stored on devices which connect to the Internet.
Advantages of certification
• Reassure customers that you are working to secure your IT and their data against cyber attack
• Attract new business with the promise you take cyber security seriously
• Build a relationship with a trusted IT supplier
• Certain local & national government contracts require Cyber Essentials certification
CYBER SECURITY WEBINAR
Sign up for our free 30-minute Cyber Security webinar on Friday 14th February 2020 (11.00 – 11:30) for advice on how best to protect your business from the threats of Cyber Crime.
Click here to sign up by simply filling in your name and company.
For more information please contact Martin Brelsford on either 01282 859806 or firstname.lastname@example.org