Phishing, as defined by a quick Google search, is “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.”
And according to a recent report published on the BBC website, email scams are still the most popular method for cyber criminals to attack your company or personal IT devices.
A quick look through your spam folder will reveal many such emails being filtered (hopefully) from your inbox. Typical subjects in mine include “FW: Invoice” from an unknown person; “Corpdata Registration Form” from some directory; “Payment Overdue (response required)” from “support”; and “Invoice 70603057 from 19/12 for £4024.80” from no one we deal with.
All of these, and many more, are designed to make me click and open them, either downloading something nasty onto my device or handing over private information that can then be used to access sensitive accounts.
The BBC reports that 90% of all attacks were trying to steal cash, so your finance department is likely to be receiving a high level of these. Booby-trapped emails are also reported to be the main weapon of choice. Regrettably, around 30% of these are being opened, and of those, 13% ran the malware included in the email because staff then ran the attachments.
Educate Your Team
A small amount of time and expense spent educating and training your team on the possible methods of attack is an excellent way to start tightening your security. It can be far harder to spot the attack once it is installed, with the average time taken being 2 weeks before a hack is even recognised, let alone fixed.
If you need external advice, or someone to test your current setup, we would be happy to take a look and make recommendations on areas where you could make improvements.